Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Suspected Trojan

Started by Anderwolf , May 10 2011 03:20 PM

Please log in to reply

#1
Anderwolf

Posted 10 May 2011 - 03:20 PM

Member

Member
89 posts

Hello, about a week ago my computer starting randomly shutting down out of no where while playing video games. No warning or anything, just shuts down as if it were unplugged. I am fairly positive that it has only happened while playing games. That being the case, I assumed that it had something to do with the graphics card or something. But yesterday I noticed that I was getting pop ups while surfing the web, and that there always seems to be a few instances of Firefox.exe running in the task manager even when it's not open. I read somewhere that this could be symptoms of the PoinsenIvy Trojan, but I did some searching and none of the files that come with PoisenIvy are present on my machine. Anyway, I'm almost positive that there is some kind of virus/trojan here but I can not for the life of me find out what it is. Any help is greatly appreciated!!

Thanks
Anderwolf

#2
Cold Titanium

Posted 11 May 2011 - 06:09 PM

Trusted Helper

Malware Removal
1,735 posts

Hello Anderwolf and welcome to G2G!

My name is Cold Titanium :unsure:

, and I will be assisting you with your problem.

Please follow all of my instructions without skipping anything. Also, please refrain from experimenting around whilst I am helping you. At times some of the things I tell you to do may seem unnecessary and frustrating, but just stick to it and we'll get through :yes:

Note: Please save these instructions in a file or print them out, as the internet may not be available while we are fixing the system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let's get some logs

Step #1

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top make sure it is set to Standard Output.
Ensure the Use SafeList is selected for Extra Registry
Under the Custom Scans/Fixes box at the bottom, paste in the following

msconfig
safebootminimal
safebootnetwork
activex
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so.
When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step #2

Download GMER to your desktop
Right-Click and extract it to the desktop
Double-Click gmer.exe
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
Then click the Scan button & wait for it to finish. (Please be patient as it can take some time to complete)

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

After it finishes scanning

Click on the [Save..] button, and in the File name area, type in "ark.txt"
Save it to your desktop

Post ark.txt in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like to see OTL.txt, Extras.txt, and ark.txt in your next reply...

#3
Anderwolf

Posted 13 May 2011 - 02:43 PM

Member

Topic Starter
Member
89 posts

Hello and thank you for getting back to me. The first scan went fine but the second one gave me an error message upon completion. It doesn't seem to have affected the scan though. Here is what the error message said:

"Windows was unable to save all the data for the file \$Directory. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere"

Like I said though, doesn't seem to have caused any problems. Here are the logs you asked for.

Edited by Anderwolf, 13 May 2011 - 02:44 PM.

#4
Anderwolf

Posted 13 May 2011 - 02:44 PM

Member

Topic Starter
Member
89 posts

OTL Extras logfile created on: 5/13/2011 10:18:40 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.79 Gb Total Space | 5.88 Gb Free Space | 2.57% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 2.00 Gb Free Space | 48.97% Space Free | Partition Type: FAT32
Drive F: | 5.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ANDERWOLF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)
.jse [@ = JSEFile] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSCRIP.EXE (Panda Software International)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to playlist] -- "C:\Program Files\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"16881:TCP" = 16881:TCP:*:Enabled:= Bittorrent
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster
"C:\Program Files\Dragon Age 2\bin_ship\DragonAge2.exe" = C:\Program Files\Dragon Age 2\bin_ship\DragonAge2.exe:*:Enabled:Dragon Age II -- (BioWare)
"C:\Program Files\Dragon Age 2\DragonAge2Launcher.exe" = C:\Program Files\Dragon Age 2\DragonAge2Launcher.exe:*:Enabled:Dragon Age II Launcher -- (BioWare)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord
"C:\Program Files\Common Files\AOL\1156570191\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1156570191\ee\aim6.exe:*:Enabled:AIM
"C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe" = C:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\1139337279\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1139337279\EE\AOLServiceHost.exe:*:Disabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\1156570191\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1156570191\ee\aolsoftware.exe:*:Disabled:AOL Services
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1157781736\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1157781736\ee\aolsoftware.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\1157781736\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1157781736\ee\aim6.exe:*:Enabled:AIM
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
"C:\Program Files\Sierra\FEAR\fpupdate.exe" = C:\Program Files\Sierra\FEAR\fpupdate.exe:*:Enabled:fpupdate
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus, Inc)
"C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars
"C:\Documents and Settings\Owner\Local Settings\Temp\ElectronicArts_Patcher_000.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat" = C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars
"F:\gangsters2.exe" = F:\gangsters2.exe:*:Enabled:Gangsters 2
"C:\Program Files\Eidos Interactive\Hothouse Creations\Gangsters 2\Gangsters2.exe" = C:\Program Files\Eidos Interactive\Hothouse Creations\Gangsters 2\Gangsters2.exe:*:Enabled:Gangsters 2
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe" = C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited
"C:\Program Files\EA GAMES\American McGee's Alice\alice.exe" = C:\Program Files\EA GAMES\American McGee's Alice\alice.exe:*:Enabled:American McGee's Alice -- (Rogue Entertainment)
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Black Isle\Baldur's Gate\BGMain.exe" = C:\Program Files\Black Isle\Baldur's Gate\BGMain.exe:*:Enabled:Baldur's Gate, the Game
"C:\NeverwinterNights\NWN\nwmain.exe" = C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Steam\steamapps\common\test drive unlimited 2\UpLauncher.exe" = C:\Program Files\Steam\steamapps\common\test drive unlimited 2\UpLauncher.exe:*:Enabled:Test Drive Unlimited 2 -- (Eden Games)
"C:\Program Files\Steam\steamapps\common\magic the gathering - duels of the planeswalkers\DotP.exe" = C:\Program Files\Steam\steamapps\common\magic the gathering - duels of the planeswalkers\DotP.exe:*:Enabled:Magic: The Gathering - Duels of the Planeswalkers -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03A26689-82BB-6FF9-1FDA-93B18547C8C8}" = Catalyst Control Center Graphics Full New
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21BC2871-0B96-9EC1-6CBF-A0B9BCBC0D89}" = Skins
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 21
"{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B5A75F0-FD85-4094-AB00-94902398D192}" = Sony Media Manager 2.2
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}" = Digidesign Pro Tools Creative Collection 8.0
"{3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E}" = ccc-core-static
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}" = Digidesign Pro Tools LE 8.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{410DB4DE-354D-F472-F66D-FCFF345A8960}" = Catalyst Control Center Graphics Previews Common
"{41C12350-7819-4DF6-9B05-C9B2C88F9BA3}" = microKONTROL Librarian
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F49D1B0-D558-F251-715E-A46CD0A30FED}" = ccc-utility
"{61BA2A5B-881D-EEF7-F5D2-5EFAF7CCBDA9}" = Catalyst Control Center Graphics Light
"{651E5E05-3416-E761-B919-37EF1F4272F9}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{7191C910-3F72-B2CA-0FA5-F0E78F5F8FD2}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77B5AD60-8F14-11D4-9BC9-0050041A1090}" = American McGee's Alice™
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7EACD785-823D-4D1B-9A5E-85FACAF5DFB3}_is1" = Oxin's Style! 3D Sexvilla 2.055.001
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}" = URGE
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9847FD75-A390-4AD0-8BC3-3B0131A254FB}_is1" = 3D SexVilla Oxin's Style!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F1D8E17-2AE6-4608-901D-42146D7D9C68}" = Digidesign Audio Drivers 8.0
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Free DigiRack Plug-Ins 8.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3550190-88C4-4576-AA50-83359844EB9A}" = Auto-Tune EFX RTAS
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EC33A4E0-A500-D4A2-C1F8-DCA04496B053}" = Catalyst Control Center Graphics Full Existing
"{ECE80888-45E5-46FD-8E0C-FEF3648847BB}" = Sibelius Scorch (all browsers)
"{EEBA9416-3207-47E0-9022-116440599DBC}" = Panda Internet Security 2007
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.11.00.812
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"8461-7759-5462-8226" = Vuze
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6" = AIM 6
"AlienGUIse Theme Manager" = AlienGUIse Theme Manager
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"Battle.net" = Battle.net
"BigFix" = BigFix
"BootSkin" = BootSkin
"Carmageddon 2 Carpocalypse Now" = Carmageddon 2 Carpocalypse Now
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Collab" = Collab
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"CursorXP" = CursorXP
"Diablo" = Diablo
"DivX Setup.divx.com" = DivX Setup
"DreamWorks Interactive: Neverhood" = The Neverhood
"FL Studio 6" = FL Studio 6
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.2.2
"HentaII 3D Oxin's Style!_is1" = HentaII 3D Oxin's Style!
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.80 Basic
"LimeWire" = LimeWire 5.5.8
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"LogonStudio" = LogonStudio
"Mafia II_is1" = Mafia II
"Magic ISO Maker v5.4 (build 0247)" = Magic ISO Maker v5.4 (build 0247)
"Magicka_is1" = Magicka
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mplayer.com" = Mplayer.com
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Panda ActiveScan" = Panda ActiveScan
"PC Wizard 2010_is1" = PC Wizard 2010.1.96
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PowerISO" = PowerISO
"Reason4_is1" = Reason 4.0
"ReCycle_is1" = ReCycle 2.1
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sonique15" = Sonique
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 49400" = Magic: The Gathering - Duels of the Planeswalkers
"Steam App 9930" = Test Drive Unlimited 2
"Theme Manager" = Theme Manager
"Video Strip Poker" = Video Strip Poker
"VirtuallyJenna Oxin's Style!_is1" = VirtuallyJenna Oxin's Style!
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2011 03:18:17 PM | Computer Name = ANDERWOLF | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00022235.

Error - 5/11/2011 04:04:10 AM | Computer Name = ANDERWOLF | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update '{CA93C194-87EF-4A2C-B2DE-99F3AF4CD36A}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 5/11/2011 11:28:48 AM | Computer Name = ANDERWOLF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/11/2011 11:28:48 AM | Computer Name = ANDERWOLF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1985

Error - 5/11/2011 11:28:48 AM | Computer Name = ANDERWOLF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1985

Error - 5/11/2011 07:54:21 PM | Computer Name = ANDERWOLF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/11/2011 07:54:21 PM | Computer Name = ANDERWOLF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30335547

Error - 5/11/2011 07:54:21 PM | Computer Name = ANDERWOLF | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30335547

Error - 5/12/2011 03:47:16 AM | Computer Name = ANDERWOLF | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update '{CA93C194-87EF-4A2C-B2DE-99F3AF4CD36A}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 5/12/2011 12:42:24 PM | Computer Name = ANDERWOLF | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update '{CA93C194-87EF-4A2C-B2DE-99F3AF4CD36A}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

[ System Events ]
Error - 5/12/2011 12:44:05 PM | Computer Name = ANDERWOLF | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office Word 2003 (KB2344911).

Error - 5/12/2011 12:44:05 PM | Computer Name = ANDERWOLF | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office 2003 (KB2509503).

Error - 5/12/2011 12:44:05 PM | Computer Name = ANDERWOLF | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office Web Components (KB947319).

Error - 5/12/2011 12:44:05 PM | Computer Name = ANDERWOLF | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office 2003 (KB974554).

Error - 5/12/2011 12:44:05 PM | Computer Name = ANDERWOLF | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office 2003 (KB975051).

Error - 5/12/2011 12:44:05 PM | Computer Name = ANDERWOLF | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office Excel 2003 (KB2502786).

Error - 5/12/2011 12:44:05 PM | Computer Name = ANDERWOLF | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Update for Microsoft Office Outlook 2003 (KB2449798).

Error - 5/12/2011 12:44:05 PM | Computer Name = ANDERWOLF | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office Outlook 2003 (KB980373).

Error - 5/12/2011 12:44:05 PM | Computer Name = ANDERWOLF | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office 2003 (KB976382).

Error - 5/12/2011 12:44:05 PM | Computer Name = ANDERWOLF | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office Outlook 2003 (KB2293428).

< End of report >

#5
Anderwolf

Posted 13 May 2011 - 02:45 PM

Member

Topic Starter
Member
89 posts

Edited by Anderwolf, 13 May 2011 - 02:46 PM.

#6
Anderwolf

Posted 13 May 2011 - 02:45 PM

Member

Topic Starter
Member
89 posts

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-13 15:27:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 HDT722525DLAT80 rev.V44OA96A
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwryypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwCreateKey [0xBA4221BA]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwDeleteKey [0xBA4222D6]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwDeleteValueKey [0xBA42242A]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateKey [0xBA4223B2]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateValueKey [0xBA42258A]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwOpenKey [0xBA422264]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwQueryKey [0xBA42233E]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwQueryValueKey [0xBA422512]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwSetValueKey [0xBA422498]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Process Protection driver/Panda Software) ZwTerminateProcess [0x9A3DF4E8]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Process Protection driver/Panda Software) ZwTerminateThread [0x9A3DED72]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FE8 80504884 8 Bytes CALL F2EA867D
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\ahwkd4kq.SYS The system cannot find the path specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8527000, 0x1985C4, 0xE8000020]
.text USBPORT.SYS!DllUnload AB36C8AC 5 Bytes JMP 83FC91C8
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0x9A860300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB2B13300, 0x1B7E, 0xE8000020]
? C:\WINDOWS\system32\DRIVERS\COMFiltr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\Explorer.EXE[1880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DD000A
.text C:\WINDOWS\Explorer.EXE[1880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DE000A
.text C:\WINDOWS\Explorer.EXE[1880] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
.text C:\WINDOWS\Explorer.EXE[1880] USER32.dll!GetCursor 7E42A91B 5 Bytes JMP 01391080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Explorer.EXE[1880] USER32.dll!DrawIconEx 7E42CB84 5 Bytes JMP 01391120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\Explorer.EXE[1880] USER32.dll!GetIconInfo 7E42D427 5 Bytes JMP 01391030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\WINDOWS\system32\wuauclt.exe[3116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\wuauclt.exe[3116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\wuauclt.exe[3116] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B9000C
.text C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe[3772] USER32.dll!GetCursor 7E42A91B 5 Bytes JMP 00B01080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe[3772] USER32.dll!DrawIconEx 7E42CB84 5 Bytes JMP 00B01120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe[3772] USER32.dll!GetIconInfo 7E42D427 5 Bytes JMP 00B01030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[5148] USER32.dll!GetCursor 7E42A91B 5 Bytes JMP 01291080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[5148] USER32.dll!DrawIconEx 7E42CB84 5 Bytes JMP 01291120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Owner\Desktop\gmer.exe[5148] USER32.dll!GetIconInfo 7E42D427 5 Bytes JMP 01291030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShldDrv.SYS (PandaShield driver/Panda Software)
Device \FileSystem\Ntfs \Ntfs 843361E8

AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (AntiMalware Filter Driver for Windows XP/2003/Panda Software International)

Device \FileSystem\Fastfat \FatCdrom 82D1B1E8

AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Software)

Device \Driver\usbohci \Device\USBPDO-0 83ED6790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 843C21E8
Device \Driver\dmio \Device\DmControl\DmConfig 843C21E8
Device \Driver\dmio \Device\DmControl\DmPnP 843C21E8
Device \Driver\dmio \Device\DmControl\DmInfo 843C21E8
Device \Driver\usbehci \Device\USBPDO-1 83ED7590

AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 843511E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 843511E8
Device \Driver\Cdrom \Device\CdRom0 83EE61E8
Device \Driver\usbstor \Device\000000b0 83E7B610
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8428833B
Device \Driver\atapi \Device\Ide\IdePort0 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8428833B
Device \Driver\atapi \Device\Ide\IdePort1 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8428833B
Device \Driver\atapi \Device\Ide\IdePort2 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8428833B
Device \Driver\atapi \Device\Ide\IdePort3 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8428833B
Device \Driver\atapi \Device\Ide\IdePort4 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-3 8428833B
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-3 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-1f 8428833B
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1f [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-12 8428833B
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 83EE61E8
Device \Driver\usbstor \Device\000000b2 83E7B610
Device \Driver\Cdrom \Device\CdRom2 83EE61E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5646A873-7588-4EE4-A716-40ED900FF0C1} 830811E8
Device \Driver\usbstor \Device\000000b3 83E7B610
Device \Driver\usbstor \Device\000000b4 83E7B610
Device \Driver\usbstor \Device\000000b5 83E7B610
Device \Driver\NetBT \Device\NetBt_Wins_Export 830811E8
Device \Driver\NetBT \Device\NetbiosSmb 830811E8
Device \Driver\PCI_NTPNP7542 \Device\00000086 sptd.sys
Device \Driver\PCI_NTPNP7542 \Device\00000087 sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

Device \Driver\usbohci \Device\USBFDO-0 83ED6790
Device \Driver\usbehci \Device\USBFDO-1 83ED7590
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82ED91E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82ED91E8
Device \Driver\Ftdisk \Device\FtControl 843511E8
Device \Driver\ahwkd4kq \Device\Scsi\ahwkd4kq1 840561E8
Device \Driver\ahwkd4kq \Device\Scsi\ahwkd4kq1Port5Path0Target0Lun0 840561E8
Device \FileSystem\Fastfat \Fat 82D1B1E8

AttachedDevice \FileSystem\Fastfat \Fat pavdrv51.sys (AntiMalware Filter Driver for Windows XP/2003/Panda Software International)

Device \FileSystem\Cdfs \Cdfs 83E64480

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1848199765
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1873092195
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xB6 0x7D 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0xFE 0x58 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6D 0x25 0xA2 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xDE 0x98 0x5B 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x43 0x2E 0xCB 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x1D 0x9F 0xAD 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x40 0x82 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xB6 0x7D 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0xFE 0x58 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x78 0x20 0x87 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xDE 0x98 0x5B 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x43 0x2E 0xCB 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x1D 0x9F 0xAD 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x40 0x82 0x73 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xB6 0x7D 0xFF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0xFE 0x58 0xD7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6D 0x9B 0x22 0xC0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x92 0x77 0xEC 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xD3 0xB5 0xCC 0xB2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x9F 0x32 0x67 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x78 0x12 0x71 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD2 0x85 0xFD 0x8A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7B 0x7B 0x47 0x9F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B8C62C1-8A4B-AED8-C751-912A26E92366}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E325944E-42CC-FA90-2274-DEB16F4B95C1}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E325944E-42CC-FA90-2274-DEB16F4B95C1}@iabfhapocchoehmlbn 0x6A 0x61 0x6C 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E325944E-42CC-FA90-2274-DEB16F4B95C1}@hahenaofjigboinn 0x6B 0x61 0x67 0x69 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\instmsia.exe 1708856 bytes executable
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\instmsiw.exe 1822520 bytes executable
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\java 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\java\jre-windows-i586.exe 16283032 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\licenses 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\licenses\license_en-US.html 44719 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\licenses\license_en-US.txt 44560 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\openofficeorg1.cab 133492859 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\openofficeorg31.msi 9815040 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\readmes 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\readmes\readme_en-US.html 12407 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\readmes\readme_en-US.txt 12997 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\redist 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\redist\vcredist_x86.exe 1821192 bytes executable
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\setup.exe 451928 bytes executable
File C:\Documents and Settings\Owner\Desktop\Stuff\Programs\OpenOffice.org 3.1 (en-US) Installation Files\setup.ini 336 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Songs From Eleanore .rns 342062 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\adfasdfadfasf.rns 93576 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\andy reason patches 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\andy reason patches\cool loops patch.sxt 1450 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\Class Song First Demo SPECIAL EFFECTS3.rps 84130 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\CLASS SONG PIANO FINAL VERSION.rns 239152 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\CLASS SONG WELCOME CHINA =) FINAL VERSION.rns 182330 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\creepy.rns 183046 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\demo.wav 10584058 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\in the mix sample.wav 2028658 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\MAKE THIS A SONG =).wav 6713842 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Abient Ambulence Starting New Before changes.rns 277088 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Abient Ambulence Starting New.rns 274144 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Ambient Ambulance Project 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Ambient Ambulance Project\Patches 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Ambient Ambulance Project\Patches\drum kit patch.drp 9402 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Ambient Ambulance Project\Patches\effect patch.sxt 15430 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Ambient Ambulance Project\Patches\PIANO EFFECT.cmb 66844 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Ambient Ambulance Project\Patches\PIANO.cmb 41472 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Ambient Ambulance Project\Patches\violin patch.sxt 16754 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\AMBIENT AMBULENCE FIRST DEMO.mp3 4796254 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\AMBIENT AMBULENCE FIRST DEMO.rns 362696 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\AMBIENT AMBULENCE FIRST DEMO1.rns 436556 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\AMBIENT AMBULENCE FIRST DEMO2 KEN CHANGE NOTES.rns 436558 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Ambient Ambulence.rns 231772 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Ambient Ambulence2.rns 230968 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Ambient Ambulence3.mp3 4796254 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Ambient\Ambient Ambulence3.rns 276040 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Constance 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Constance\CONSTANCE FLANGY PIANO ^^.rns 476672 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Constance\constance.rns 470620 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Constance\constance2.mp3 4796254 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Constance\constance2.rns 474170 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Constance\constance2.wav 35280088 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Constance\NEW CONSTANCE 7-28-09 =).rns 474174 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\piano samples.rns 684190 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\All Fly Project 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\All Fly Project\All Fly 2.mp3 6187852 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\All Fly Project\all fly edited (auxs and eqs).rns 219110 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\All Fly Project\All Fly Good Edit.rns 230050 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\All Fly Project\All Fly.mp3 6187852 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\All Fly Project\all fly.rns 218770 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\boomboomboom.mp3 3969934 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\Gangsta Love Project 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\Gangsta Love Project\GANGSTA LOVE FIRST SAVE.rns 165508 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\Gangsta Love Project\ggangstaa love.mp3 1440894 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\Gangsta Love Project\ggangstaa love.wav 10584058 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\HipHOP4josh02.rns 50426 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\HippityHop.rns 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\random hip hop beats.rns 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Rap\RAP SAMPLES FOR USE.rns 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\School Stuff 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\New Reason\New Reason Projects\Techno 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\Old Reason 0 bytes
File C:\Documents and Settings\Owner\Desktop\Stuff\REASON STUFF\Piano solo.wav 0 bytes

---- EOF - GMER 1.0.15 ----

#7
Cold Titanium

Posted 13 May 2011 - 05:21 PM

Trusted Helper

Malware Removal
1,735 posts

I had something come up so replies may be a bit slow..

You posted the Extras.txt twice, I need to see OTL.txt

Step #1

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post OTL.txt and the aswMBR report

#8
Anderwolf

Posted 13 May 2011 - 09:36 PM

Member

Topic Starter
Member
89 posts

Sorry about that no idea how that happened. I am having trouble posting the OTL log. It give me some kind of page load error every time I click post reply. It only happens with the OTL log though... what the heck?! Not really sure what to do about that, but here is the MBR log for now:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-13 22:29:02
-----------------------------
22:29:02.421 OS Version: Windows 5.1.2600 Service Pack 3
22:29:02.421 Number of processors: 2 586 0x2B01
22:29:02.421 ComputerName: ANDERWOLF UserName: Owner
22:29:07.718 Initialize success
22:29:15.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-3
22:29:15.421 Disk 0 Vendor: HDT722525DLAT80 V44OA96A Size: 238475MB BusType: 3
22:29:15.421 Device \Driver\atapi -> DriverStartIo 842fe33b
22:29:15.421 Disk 0 MBR read error 0
22:29:15.421 Disk 0 MBR scan
22:29:15.421 Disk 0 unknown MBR code
22:29:15.421 MBR BIOS signature not found 0
22:29:15.437 Disk 0 scanning sectors +488392065
22:29:15.437 Disk 0 scanning C:\WINDOWS\system32\drivers
22:29:24.781 Service scanning
22:29:26.546 Disk 0 trace - called modules:
22:29:26.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x842fe4f0]<<
22:29:26.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8429e290]
22:29:26.546 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\000000a7[0x8430f510]
22:29:26.546 5 ACPI.sys[b9e55620] -> nt!IofCallDriver -> [0x8420b940]
22:29:26.546 \Driver\atapi[0x8429c788] -> IRP_MJ_CREATE -> 0x842fe4f0
22:29:26.546 Scan finished successfully
22:29:54.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:29:54.875 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#9
Cold Titanium

Posted 15 May 2011 - 12:16 PM

Trusted Helper

Malware Removal
1,735 posts

I think your MBR may be infected, but I want to make double sure before I reset it

Please visit VirusTotal and click

Browse
Select MBR.dat on your desktop
Click Send File

A virus scan will be run on MBR.dat. If the page hangs, refresh it.

Tell me if any of the scanners detected something and post what they found.

#10
Anderwolf

Posted 15 May 2011 - 05:51 PM

Member

Topic Starter
Member
89 posts

I tried to submit the file and it gave me a message saying that the file had already been submitted in the past. So I clicked reanalyze and it didn't seem to do much. It took me to another page where it said the status was "queued" and there were some user comments underneath. Not even sure what the page intended for..

Anyway, meanwhile yesterday I had another problem pop up out of no where. It was one of those fake virus programs. Had a process in the backround running called qrb or qlb or something and I had to do a system restore to get rid of it because it was even present in safe mode. But it appears to have gone away and now I have a few programs in msconfig on startup that are just square boxes for the title. So I disabled them and now I get a bunch of error messages when booting up about the missing files but they are still just square boxes. like the ASCii codes or whatever. Anyway this seems to be a new problem so I just wanted to let you know. Awaiting your reply as to what to do next.

Thanks

#11
Cold Titanium

Posted 16 May 2011 - 03:09 PM

Trusted Helper

Malware Removal
1,735 posts

I want to try something first. My replies should start speeding up now. Sorry about that.

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#12
Anderwolf

Posted 17 May 2011 - 10:54 AM

Member

Topic Starter
Member
89 posts

Not a problem, I appreciate your help. Here is the log you requested.

Thanks

2011/05/17 11:42:01.0296 4616 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/17 11:42:02.0906 4616 ================================================================================
2011/05/17 11:42:02.0906 4616 SystemInfo:
2011/05/17 11:42:02.0906 4616
2011/05/17 11:42:02.0906 4616 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/17 11:42:02.0906 4616 Product type: Workstation
2011/05/17 11:42:02.0906 4616 ComputerName: ANDERWOLF
2011/05/17 11:42:02.0906 4616 UserName: Owner
2011/05/17 11:42:02.0906 4616 Windows directory: C:\WINDOWS
2011/05/17 11:42:02.0906 4616 System windows directory: C:\WINDOWS
2011/05/17 11:42:02.0906 4616 Processor architecture: Intel x86
2011/05/17 11:42:02.0906 4616 Number of processors: 2
2011/05/17 11:42:02.0906 4616 Page size: 0x1000
2011/05/17 11:42:02.0906 4616 Boot type: Normal boot
2011/05/17 11:42:02.0906 4616 ================================================================================
2011/05/17 11:42:03.0328 4616 Initialize success
2011/05/17 11:42:07.0453 5416 ================================================================================
2011/05/17 11:42:07.0453 5416 Scan started
2011/05/17 11:42:07.0453 5416 Mode: Manual;
2011/05/17 11:42:07.0453 5416 ================================================================================
2011/05/17 11:42:09.0140 5416 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/17 11:42:09.0281 5416 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/17 11:42:09.0328 5416 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/17 11:42:09.0375 5416 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/17 11:42:09.0406 5416 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/17 11:42:09.0562 5416 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/17 11:42:09.0625 5416 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/17 11:42:09.0640 5416 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/17 11:42:09.0671 5416 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/17 11:42:09.0718 5416 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/17 11:42:09.0734 5416 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/17 11:42:09.0921 5416 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/05/17 11:42:10.0140 5416 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/17 11:42:10.0203 5416 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/17 11:42:10.0218 5416 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/17 11:42:10.0296 5416 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/05/17 11:42:10.0328 5416 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/17 11:42:10.0375 5416 APPFLT (c5b7a13349fc7f0e0fcd71b2506902c8) C:\WINDOWS\system32\Drivers\APPFLT.SYS
2011/05/17 11:42:10.0625 5416 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/17 11:42:10.0687 5416 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/17 11:42:10.0703 5416 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/17 11:42:10.0750 5416 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/17 11:42:10.0796 5416 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/17 11:42:10.0828 5416 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/17 11:42:11.0031 5416 ati2mtag (3e70faa23844e60111b21014bd8069ea) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/17 11:42:11.0281 5416 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/05/17 11:42:11.0359 5416 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/17 11:42:11.0406 5416 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/17 11:42:11.0468 5416 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/17 11:42:11.0562 5416 BootScreen (3c6f5a708ebd7aca560ffad950f9f5da) C:\WINDOWS\System32\drivers\vidstub.sys
2011/05/17 11:42:11.0718 5416 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/17 11:42:11.0750 5416 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/17 11:42:11.0765 5416 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/17 11:42:11.0796 5416 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/17 11:42:11.0859 5416 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/17 11:42:11.0953 5416 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/17 11:42:12.0000 5416 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/05/17 11:42:12.0046 5416 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/17 11:42:12.0140 5416 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/17 11:42:12.0234 5416 cpoint (263fde4feea292b5586389afb2858506) C:\WINDOWS\system32\Drivers\cpoint.sys
2011/05/17 11:42:12.0343 5416 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/17 11:42:12.0468 5416 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys
2011/05/17 11:42:12.0531 5416 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/17 11:42:12.0546 5416 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/17 11:42:12.0640 5416 dalwdmservice (0732328832de5d31a5ffaf3ba99b9db7) C:\WINDOWS\system32\drivers\dalwdm.sys
2011/05/17 11:42:12.0734 5416 DigiNet (e70ac14f6addcc9589cf513af725178c) C:\WINDOWS\system32\DRIVERS\diginet.sys
2011/05/17 11:42:12.0812 5416 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/17 11:42:12.0921 5416 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/17 11:42:12.0968 5416 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/17 11:42:12.0984 5416 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/17 11:42:13.0046 5416 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/17 11:42:13.0125 5416 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/17 11:42:13.0187 5416 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/17 11:42:13.0250 5416 DSAFLT (452a6a6680c4fb1deb954e9e81dabfe0) C:\WINDOWS\system32\Drivers\DSAFLT.SYS
2011/05/17 11:42:13.0328 5416 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
2011/05/17 11:42:13.0421 5416 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/17 11:42:13.0500 5416 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/17 11:42:13.0625 5416 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/17 11:42:13.0656 5416 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/17 11:42:13.0671 5416 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/17 11:42:13.0718 5416 FNETMON (95a094f79aa55765b09fba05ebc33493) C:\WINDOWS\system32\Drivers\fnetmon.SYS
2011/05/17 11:42:13.0812 5416 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/17 11:42:13.0890 5416 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/17 11:42:13.0953 5416 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/17 11:42:14.0015 5416 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/17 11:42:14.0093 5416 hamachi (64b48a0d899deca24c424a2cac3ecffa) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/05/17 11:42:14.0203 5416 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/17 11:42:14.0281 5416 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/17 11:42:14.0343 5416 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/17 11:42:14.0421 5416 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/05/17 11:42:14.0531 5416 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/05/17 11:42:14.0656 5416 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/17 11:42:14.0718 5416 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/17 11:42:14.0796 5416 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/17 11:42:14.0828 5416 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/17 11:42:14.0890 5416 IDSFLT (e56a7c95f2e7683539e97e88cc0c71da) C:\WINDOWS\system32\Drivers\IDSFLT.SYS
2011/05/17 11:42:14.0984 5416 iLokDrvr (e6a446d82c5c3d7c2f4e4ab02ea1409b) C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys
2011/05/17 11:42:15.0046 5416 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/17 11:42:15.0171 5416 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/17 11:42:15.0203 5416 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/17 11:42:15.0250 5416 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/17 11:42:15.0343 5416 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/17 11:42:15.0375 5416 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/17 11:42:15.0468 5416 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/17 11:42:15.0500 5416 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/17 11:42:15.0562 5416 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/17 11:42:15.0640 5416 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/17 11:42:15.0671 5416 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/17 11:42:15.0781 5416 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/17 11:42:15.0859 5416 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/17 11:42:15.0921 5416 KORGUMDS (9364ada3a74142099f09b9af180394c9) C:\WINDOWS\system32\Drivers\KORGUMDS.SYS
2011/05/17 11:42:16.0000 5416 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/17 11:42:16.0156 5416 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/05/17 11:42:16.0265 5416 MBX2DFU (64753fe65431b92d6fb64cc338757e32) C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys
2011/05/17 11:42:16.0328 5416 MBX2MIDK (0f110335ddbe99a683e6646812d23c43) C:\WINDOWS\system32\drivers\mbx2midk.sys
2011/05/17 11:42:16.0453 5416 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/17 11:42:16.0515 5416 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/17 11:42:16.0562 5416 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/17 11:42:16.0640 5416 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/17 11:42:16.0718 5416 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/17 11:42:16.0796 5416 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/17 11:42:16.0828 5416 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/17 11:42:16.0890 5416 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/17 11:42:16.0921 5416 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/17 11:42:17.0046 5416 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/17 11:42:17.0109 5416 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/17 11:42:17.0156 5416 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/17 11:42:17.0218 5416 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/17 11:42:17.0234 5416 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/17 11:42:17.0281 5416 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/17 11:42:17.0375 5416 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/17 11:42:17.0421 5416 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2011/05/17 11:42:17.0484 5416 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/17 11:42:17.0515 5416 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/17 11:42:17.0593 5416 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/17 11:42:17.0671 5416 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/17 11:42:17.0750 5416 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/17 11:42:17.0781 5416 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/17 11:42:17.0812 5416 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/17 11:42:17.0859 5416 netflt (3aee3bcb6fb3b17e827b7d3d7ccba32b) C:\WINDOWS\system32\Drivers\NETFLT.SYS
2011/05/17 11:42:17.0906 5416 NETFLTDI (2c1afcfee83398fad9ed69ade847eb84) C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
2011/05/17 11:42:18.0062 5416 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/17 11:42:18.0156 5416 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/17 11:42:18.0203 5416 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/17 11:42:18.0296 5416 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/17 11:42:18.0453 5416 nv (84c65aa58ae1ede93716439267a23d40) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/17 11:42:18.0671 5416 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/05/17 11:42:18.0703 5416 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/05/17 11:42:18.0765 5416 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/17 11:42:18.0781 5416 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/17 11:42:18.0843 5416 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/17 11:42:18.0968 5416 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/17 11:42:19.0031 5416 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/17 11:42:19.0062 5416 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/17 11:42:19.0109 5416 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/17 11:42:19.0140 5416 PAVDRV (7900ea032d6ed4f9adc9959c3beb5f43) C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
2011/05/17 11:42:19.0203 5416 PavProc (4d575c14fce1ec32c45ec8ceefbafa3a) C:\WINDOWS\system32\DRIVERS\PavProc.sys
2011/05/17 11:42:19.0328 5416 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/17 11:42:19.0484 5416 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/17 11:42:19.0546 5416 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/17 11:42:19.0718 5416 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/17 11:42:19.0750 5416 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/17 11:42:19.0828 5416 PnkBstrK (8292465b89d95eb4f78c46709b7a9888) C:\WINDOWS\system32\drivers\PnkBstrK.sys
2011/05/17 11:42:20.0000 5416 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/17 11:42:20.0093 5416 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/17 11:42:20.0156 5416 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/17 11:42:20.0218 5416 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/17 11:42:20.0250 5416 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/17 11:42:20.0296 5416 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/17 11:42:20.0406 5416 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/17 11:42:20.0437 5416 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/17 11:42:20.0453 5416 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/17 11:42:20.0500 5416 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/17 11:42:20.0562 5416 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/17 11:42:20.0625 5416 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/17 11:42:20.0750 5416 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/17 11:42:20.0781 5416 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/17 11:42:20.0812 5416 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/17 11:42:20.0875 5416 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/17 11:42:20.0921 5416 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/17 11:42:21.0109 5416 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/17 11:42:21.0171 5416 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/17 11:42:21.0312 5416 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/05/17 11:42:21.0406 5416 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
2011/05/17 11:42:21.0546 5416 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/05/17 11:42:21.0625 5416 SCDEmu (46b50c07abfda51d9b22212eaeb82d2b) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/05/17 11:42:21.0718 5416 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/17 11:42:21.0828 5416 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/17 11:42:21.0921 5416 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/17 11:42:21.0984 5416 ShldDrv (00deba8b42eeb9658ac59bdca025607f) C:\WINDOWS\system32\drivers\ShldDrv.sys
2011/05/17 11:42:22.0125 5416 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/17 11:42:22.0187 5416 SMSFLT (5ff7370a83ac6f163cfba43d053b3e92) C:\WINDOWS\system32\Drivers\SMSFLT.SYS
2011/05/17 11:42:22.0250 5416 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/17 11:42:22.0359 5416 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/17 11:42:22.0468 5416 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/17 11:42:22.0468 5416 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/05/17 11:42:22.0484 5416 sptd - detected LockedFile.Multi.Generic (1)
2011/05/17 11:42:22.0515 5416 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/17 11:42:22.0562 5416 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/17 11:42:22.0625 5416 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/17 11:42:22.0734 5416 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/17 11:42:22.0828 5416 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/17 11:42:22.0843 5416 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/17 11:42:22.0890 5416 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/17 11:42:22.0906 5416 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/17 11:42:23.0000 5416 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/17 11:42:23.0109 5416 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/17 11:42:23.0156 5416 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/17 11:42:23.0187 5416 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/17 11:42:23.0312 5416 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/17 11:42:23.0406 5416 tmcomm (4dc436421c9d745d7e8c37f956701c78) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/05/17 11:42:23.0468 5416 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/17 11:42:23.0531 5416 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
2011/05/17 11:42:23.0671 5416 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/17 11:42:23.0765 5416 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/17 11:42:23.0859 5416 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/17 11:42:23.0937 5416 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/17 11:42:24.0031 5416 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/17 11:42:24.0109 5416 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/17 11:42:24.0187 5416 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/17 11:42:24.0218 5416 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/17 11:42:24.0265 5416 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/17 11:42:24.0343 5416 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/17 11:42:24.0390 5416 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/17 11:42:24.0453 5416 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/17 11:42:24.0484 5416 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/17 11:42:24.0593 5416 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/17 11:42:24.0656 5416 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/17 11:42:24.0718 5416 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/17 11:42:24.0765 5416 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/17 11:42:24.0843 5416 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/17 11:42:24.0937 5416 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/05/17 11:42:25.0046 5416 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/17 11:42:25.0156 5416 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/17 11:42:25.0312 5416 WNMFLT (68fd64a36ae9dbe3a8ec177d8353f6af) C:\WINDOWS\system32\Drivers\WNMFLT.SYS
2011/05/17 11:42:25.0375 5416 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/17 11:42:25.0437 5416 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/17 11:42:25.0531 5416 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/17 11:42:25.0593 5416 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/17 11:42:25.0656 5416 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/17 11:42:25.0671 5416 ================================================================================
2011/05/17 11:42:25.0671 5416 Scan finished
2011/05/17 11:42:25.0671 5416 ================================================================================
2011/05/17 11:42:25.0687 5336 Detected object count: 2
2011/05/17 11:44:14.0171 5336 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/17 11:44:14.0203 5336 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/17 11:44:14.0203 5336 \HardDisk0 - ok
2011/05/17 11:44:14.0203 5336 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/17 11:44:23.0250 5284 Deinitialize success

#13
Cold Titanium

Posted 18 May 2011 - 10:29 AM

Trusted Helper

Malware Removal
1,735 posts

Let's try to get the OTL log this time

Step #1

Re-Run OTL
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top make sure it is set to Standard Output.
Ensure the None is selected for Extra Registry
Under the Custom Scans/Fixes box at the bottom, paste in the following

msconfig
safebootminimal
safebootnetwork
activex
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so.
Please copy and paste OTL.txt here

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step #2

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step #3

Please repeat the TDSSKiller steps above. I want to check something

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post OTL.txt, TDSSKiller log, and the aswMBR report

#14
Anderwolf

Posted 22 May 2011 - 09:17 AM

Member

Topic Starter
Member
89 posts

Hello and sorry for the delay, busy weekend. Here are the new requested logs.

OTL logfile created on: 5/22/2011 09:58:57 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop\Geeks2Go
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.79 Gb Total Space | 5.52 Gb Free Space | 2.41% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 2.00 Gb Free Space | 48.99% Space Free | Partition Type: FAT32
Drive F: | 5.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ANDERWOLF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/13 10:14:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Geeks2Go\OTL.exe
PRC - [2011/05/02 12:13:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/21 15:35:16 | 000,494,592 | ---- | M] (CPUID) -- C:\Program Files\CPUID\PC Wizard 2010\pcwizard.dll
PRC - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/11 12:09:16 | 000,364,544 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
PRC - [2006/10/09 16:15:38 | 000,348,160 | ---- | M] (Panda Software) -- C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
PRC - [2006/08/08 18:26:18 | 000,151,552 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE
PRC - [2006/08/08 18:25:32 | 000,106,496 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
PRC - [2006/08/02 14:05:54 | 000,811,008 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\FIREWALL\PNmSrv.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/07/21 12:22:32 | 000,159,744 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE
PRC - [2006/07/04 14:25:34 | 000,102,400 | ---- | M] (Panda Software) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
PRC - [2006/06/29 11:04:42 | 000,069,632 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
PRC - [2006/03/31 14:50:52 | 000,411,096 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
PRC - [2006/02/07 13:38:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/01/31 16:42:04 | 000,073,728 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\SrvLoad.exe
PRC - [2005/07/25 02:02:22 | 000,032,768 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
PRC - [2005/01/22 18:42:16 | 000,440,832 | ---- | M] (Stardock Systems, Inc) -- C:\Program Files\AlienGUIse\wbload.exe
PRC - [2005/01/19 17:34:16 | 000,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe

========== Modules (SafeList) ==========

MOD - [2011/05/13 10:14:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Geeks2Go\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/09/26 16:26:44 | 000,245,760 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2006/07/21 14:35:28 | 000,139,264 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\TpUtil.dll
MOD - [2006/06/27 19:36:40 | 000,101,888 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2006/06/16 14:44:34 | 000,057,344 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\pavipc.dll
MOD - [2006/03/06 18:08:00 | 000,102,400 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\pavoepl.dll
MOD - [2005/01/24 21:48:46 | 000,498,232 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wblind.dll
MOD - [2005/01/19 17:34:24 | 000,014,848 | ---- | M] ( ) -- C:\Program Files\CursorXP\CurXP0.dll
MOD - [2004/09/18 15:37:00 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wbhelp.dll
MOD - [2000/04/03 18:33:36 | 000,028,160 | ---- | M] (Neil Banfield) -- C:\Program Files\AlienGUIse\anim.dll

========== Win32 Services (SafeList) ==========

SRV - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2008/12/03 22:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2006/10/09 16:15:38 | 000,348,160 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe -- (TPSrv)
SRV - [2006/08/08 18:26:18 | 000,151,552 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe -- (PAVSRV)
SRV - [2006/08/02 14:05:54 | 000,811,008 | ---- | M] (Panda Software International) [Auto | Running] -- c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE -- (PNMSRV)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/07/21 12:22:32 | 000,159,744 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2006/07/04 14:25:34 | 000,102,400 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe -- (PSIMSVC)
SRV - [2006/03/31 14:50:52 | 000,411,096 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -- (pmshellsrv)
SRV - [2006/02/07 13:38:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/07/25 02:02:22 | 000,032,768 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (ComFiltr)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2010/09/30 11:19:11 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2010/07/09 12:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/08/22 13:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/01/31 12:47:36 | 000,163,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2009/01/29 23:22:46 | 000,137,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008/12/04 03:02:08 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2008/12/04 03:02:04 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2008/12/04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2008/12/04 03:01:50 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008/05/14 21:48:17 | 003,098,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/20 03:31:12 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/09/06 14:55:18 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/09/06 14:42:55 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/05/27 00:44:32 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/02/25 21:55:19 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/01/20 02:11:07 | 000,031,644 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/10 16:02:46 | 000,141,312 | ---- | M] (Panda Software International) [NDIS Layer] [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\NETFLT.SYS -- (netflt)
DRV - [2006/09/28 15:58:26 | 000,016,256 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2006/08/24 22:47:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/24 22:47:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/03 16:37:56 | 000,044,544 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2006/08/02 14:15:48 | 000,023,296 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT)
DRV - [2006/08/02 14:10:18 | 000,185,472 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2006/08/02 14:08:48 | 000,036,864 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/29 22:50:46 | 000,009,216 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2006/05/11 22:26:48 | 000,103,936 | ---- | M] (Panda Software) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netfltdi.sys -- (NETFLTDI)
DRV - [2006/04/25 10:02:48 | 000,165,120 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2006/03/27 18:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006/02/22 03:43:34 | 000,071,552 | ---- | M] (Panda Software International) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2005/09/26 18:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/29 07:23:30 | 000,026,752 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShldDrv.sys -- (ShldDrv)
DRV - [2005/08/12 14:36:56 | 000,016,640 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/17 11:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 11:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 11:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/20 20:02:00 | 000,012,544 | R--- | M] (KORG Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {45501068-1DB2-4B37-A104-9C301A4F02A4}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.7
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7

FF - HKLM\software\mozilla\Firefox\extensions\\{45501068-1DB2-4B37-A104-9C301A4F02A4}: C:\Documents and Settings\Owner\Local Settings\Application Data\{45501068-1DB2-4B37-A104-9C301A4F02A4} [2010/01/15 00:58:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 12:13:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/14 00:02:40 | 000,000,000 | ---D | M]

[2010/05/25 13:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/25 13:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/05/15 10:30:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions
[2010/07/23 11:31:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/22 10:27:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/10 00:48:09 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2011/03/10 00:48:16 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]
[2009/11/17 13:58:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]
[2011/03/10 00:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]\chrome
[2011/03/10 00:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]\defaults
[2011/03/10 00:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009/03/23 17:53:46 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\searchplugins\aim-search.xml
[2010/06/29 16:03:58 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\searchplugins\askcom.xml
[2011/03/25 20:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/09 16:08:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/02 16:25:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/30 16:23:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G18ONKHQ.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G18ONKHQ.DEFAULT\EXTENSIONS\[email protected]
[2009/08/05 16:07:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/02 12:13:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/08/09 02:30:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe (Panda Software International)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_Plugin.exe (Adobe Systems, Inc.)
F3 - HKCU WinNT: Load - () - File not found
F3 - HKCU WinNT: Run - () - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software)
O20 - Winlogon\Notify\WB: DllName - C:\PROGRA~1\ALIENG~1\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/08/24 09:48:06 | 000,000,058 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{314c8792-b0e2-11dc-b9ad-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{314c8792-b0e2-11dc-b9ad-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{314c8792-b0e2-11dc-b9ad-0015583757e9}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2010/08/24 09:48:06 | 000,604,075 | R--- | M] (2K Games )
O33 - MountPoints2\{55ab965b-980d-11da-921b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{55ab965b-980d-11da-921b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55ab965b-980d-11da-921b-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = L:\Autorun.exe
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = N:\Autorun.exe
O33 - MountPoints2\{f94ae581-9805-11da-b621-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f94ae581-9805-11da-b621-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f94ae581-9805-11da-b621-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk - C:\Program Files\BigFix\bigfix.exe - (BigFix Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Alienware Dock.lnk - C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe - (Stardock)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Neverwinter Nights_ Platinum Edition Registration.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Pro Tools 8 Registration.lnk - C:\Program Files\Digidesign\Pro Tools\DigidesignRegistration.exe - (Leader Technologies / Digidesign)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Registration .LNK - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ZooskMessenger.lnk - - File not found
MsConfig - StartUpReg: !AVG Anti-Spyware - hkey= - key= - File not found
MsConfig - StartUpReg: 344b23c3 - hkey= - key= - File not found
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe (AOL LLC)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found
MsConfig - StartUpReg: BitTorrent - hkey= - key= - File not found
MsConfig - StartUpReg: BootSkin Startup Jobs - hkey= - key= - C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CursorXP - hkey= - key= - C:\Program Files\CursorXP\CursorXP.exe ( )
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
MsConfig - StartUpReg: Dancer - hkey= - key= - C:\Program Files\Windows Plus\Dancer\Dancer.exe (Microsoft Corporation)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found
MsConfig - StartUpReg: HostManager - hkey= - key= - File not found
MsConfig - StartUpReg: Hsawokitubalikoq - hkey= - key= - File not found
MsConfig - StartUpReg: IPHSend - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: Load - hkey= - key= - File not found
MsConfig - StartUpReg: LogonStudio - hkey= - key= - C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
MsConfig - StartUpReg: MCAgentExe - hkey= - key= - File not found
MsConfig - StartUpReg: MCUpdateExe - hkey= - key= - File not found
MsConfig - StartUpReg: MPFExe - hkey= - key= - File not found
MsConfig - StartUpReg: mscfgx_rnd - hkey= - key= - File not found
MsConfig - StartUpReg: MSKAGENTEXE - hkey= - key= - File not found
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MySpaceIM - hkey= - key= - File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: OASClnt - hkey= - key= - File not found
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - File not found
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: readericon - hkey= - key= - C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: ReCycle Patch - hkey= - key= - File not found
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
MsConfig - StartUpReg: Run - hkey= - key= - File not found
MsConfig - StartUpReg: SfKg6wIP - hkey= - key= - File not found
MsConfig - StartUpReg: SkinClock - hkey= - key= - File not found
MsConfig - StartUpReg: smss32.exe - hkey= - key= - File not found
MsConfig - StartUpReg: SoniqueQuickStart - hkey= - key= - C:\Program Files\Sonique\sqstart.exe ()
MsConfig - StartUpReg: SoundMan - hkey= - key= - File not found
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: Steam - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: VirusScan Online - hkey= - key= - File not found
MsConfig - StartUpReg: VSOCheckTask - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {11A5D88F-962E-4911-4803-F0EBB23311D4} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: ccc-core-static - msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: Midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: Midi1 - C:\WINDOWS\System32\KORGUMDD.DRV (KORG Inc.)
Drivers32: Midi2 - C:\WINDOWS\System32\mbx2midu.dll (Digidesign, A Division of Avid Technology, Inc.)
Drivers32: Midi3 - C:\WINDOWS\System32\Diomidi.DLL (Digidesign, A Division of Avid Technology, Inc.)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - C:\WINDOWS\System32\Digi32.dll (Digidesign, A Division of Avid Technology, Inc.)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (71789729812578304)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/18 12:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Phone Stuff
[2011/05/17 11:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Geeks2Go
[2011/05/14 20:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/05/14 20:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
[2011/05/14 20:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/05/14 00:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/12 11:49:31 | 000,114,176 | ---- | C] (CPUID) -- C:\WINDOWS\System32\PCWizard.cpl
[2011/05/12 11:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2011/05/12 11:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011/05/12 02:47:42 | 000,000,000 | ---D | C] -- C:\1c80e9306499ed317d57f2b03d
[2011/05/12 02:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2011/05/12 02:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2011/05/11 09:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Owl City ---- Ocean Eyes --- Deluxe Edition
[2011/05/09 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/09 22:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\2K Games
[2011/05/09 22:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\2K Games
[2011/05/09 22:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2011/05/08 23:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Paradox Interactive
[2011/05/08 23:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Paradox Interactive
[2011/05/07 14:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\BioWare
[2011/05/07 14:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dragon Age II
[2011/05/07 14:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dragon Age 2
[2011/05/07 14:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2011/04/24 18:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mirrors.Edge-RELOADED
[2010/09/17 17:43:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/18 12:10:20 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/17 11:49:33 | 000,807,652 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2011/05/17 11:49:33 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2011/05/17 11:48:33 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/17 11:46:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/17 11:46:49 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 21:28:01 | 000,000,221 | RHS- | M] () -- C:\boot.ini
[2011/05/14 20:56:06 | 000,014,254 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 20:56:06 | 000,014,254 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/13 11:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/12 14:54:48 | 004,734,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\www.fooxy.com_02.mpg
[2011/05/11 20:31:54 | 002,733,480 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\01.wmv
[2011/05/10 20:58:57 | 000,000,208 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_10.05.2011_23-44drv.spi
[2011/05/10 18:23:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Dqudebaxitiv.dat
[2011/05/10 12:33:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kvenoqud.bin
[2011/05/09 22:22:22 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mafia II.lnk
[2011/05/08 23:36:03 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Magicka.lnk
[2011/05/08 23:16:09 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2011/05/08 22:10:36 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
[2011/05/08 08:17:10 | 000,006,793 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Gander.jpg
[2011/04/29 20:00:43 | 000,471,289 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\EVERY SONG.wpl
[2011/04/27 19:14:15 | 005,318,321 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KATIE COLE-GRAVITY .mp3
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/14 20:48:26 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/14 19:52:29 | 000,014,254 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 19:52:29 | 000,014,254 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/12 14:54:42 | 004,734,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\www.fooxy.com_02.mpg
[2011/05/11 20:31:51 | 002,733,480 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\01.wmv
[2011/05/10 20:58:57 | 000,000,208 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_10.05.2011_23-44drv.spi
[2011/05/09 22:22:22 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mafia II.lnk
[2011/05/08 23:24:43 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Magicka.lnk
[2011/05/08 22:10:36 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
[2011/05/08 08:17:10 | 000,006,793 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Gander.jpg
[2011/04/27 19:14:06 | 005,318,321 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KATIE COLE-GRAVITY .mp3
[2011/02/22 13:59:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/02/22 13:58:39 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/02/22 13:58:37 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/01/19 13:58:21 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\wnmsav.dat
[2011/01/09 22:40:34 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/12/06 22:47:20 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\sypfrq.sys
[2010/09/17 17:43:30 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/09/17 17:43:30 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/09/17 17:43:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/09/16 19:29:14 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/03/14 20:36:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/10 09:50:43 | 000,058,516 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/11 07:15:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/15 00:59:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dqudebaxitiv.dat
[2010/01/15 00:59:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kvenoqud.bin
[2009/08/31 18:24:57 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Composer.INI
[2009/02/26 13:47:56 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/01/28 22:55:47 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv
[2009/01/28 22:55:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe
[2009/01/13 19:04:52 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2009/01/11 21:50:23 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/06/27 11:08:52 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/06/05 06:32:13 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AtomicAlarmClock.ini
[2008/06/05 06:32:13 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\alarms.ini
[2008/04/14 16:20:35 | 000,001,131 | ---- | C] () -- C:\WINDOWS\Monitor.ini
[2007/12/29 20:04:01 | 000,001,994 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/12/20 03:59:31 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/12/03 01:54:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/13 23:22:10 | 000,137,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/13 23:22:05 | 000,201,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/11/13 23:21:58 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/11/02 14:05:51 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2007/09/06 14:55:19 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/09/06 14:55:18 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/21 21:50:45 | 000,807,652 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2007/08/21 16:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/21 14:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/07/09 14:07:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/27 09:54:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/05/24 06:57:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2007/05/24 00:00:18 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2007/04/29 13:26:13 | 000,000,471 | ---- | C] () -- C:\WINDOWS\vsp.ini
[2007/04/28 12:54:35 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Gangsters2Setup.lnk
[2007/04/11 21:09:27 | 000,001,366 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/23 09:26:48 | 000,001,441 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/18 07:12:49 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/02/02 14:40:11 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/01/31 19:39:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\CMMGR32.EXE
[2007/01/26 00:28:32 | 000,000,638 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/20 02:40:43 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/10/14 04:03:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/10/14 01:13:58 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wb.ini
[2006/10/01 12:14:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/09/28 01:13:48 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
[2006/09/22 02:04:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/09/22 02:00:20 | 000,172,033 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/13 16:29:00 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2006/09/07 03:41:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/09/07 00:57:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/09/06 14:42:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2006/08/26 03:33:22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/08/26 03:33:22 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/08/26 03:33:22 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/08/26 00:27:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/22 04:28:09 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/19 20:27:19 | 000,034,027 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2006/08/19 19:52:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/07 13:34:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/07 13:33:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/07 13:33:29 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/02/07 13:33:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/07 13:33:11 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/02/07 13:27:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/07 13:06:56 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/02/07 13:06:55 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/07 13:06:55 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/07 13:06:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/07 13:06:51 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/07 13:06:51 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/07 13:06:51 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/07 13:06:50 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/02/07 13:06:47 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/02/07 13:06:47 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/02/07 13:06:47 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 12:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/12 11:51:23 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2005/01/09 20:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/09 20:07:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/09 18:49:16 | 000,001,220 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 000,000,491 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:48:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/09 18:48:21 | 000,462,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/09 18:48:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/09 18:48:21 | 000,080,266 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/09 18:48:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/09 18:48:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/09 18:48:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/09 18:48:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/09 18:48:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/09 18:48:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/09 18:48:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/09 18:47:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/09 12:00:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 11:59:39 | 001,564,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/02/07 13:33:56 | 000,000,189 | ---- | M] () -- C:\audio.log
[2005/01/09 20:13:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/05/19 00:53:58 | 000,000,222 | ---- | M] () -- C:\blackb.log
[2011/05/14 21:28:01 | 000,000,221 | RHS- | M] () -- C:\boot.ini
[2005/01/09 20:13:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/28 23:33:30 | 000,000,712 | ---- | M] () -- C:\drwtsn32.log
[2008/11/11 04:20:12 | 000,000,055 | ---- | M] () -- C:\DVDPATH.TXT
[2011/05/17 11:46:49 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/05 03:19:17 | 000,009,198 | ---- | M] () -- C:\install_Owner_01000005.ERR
[2005/01/09 20:13:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/07 15:28:03 | 000,003,441 | -H-- | M] () -- C:\IPH.PH
[2006/02/07 13:22:42 | 000,000,086 | ---- | M] () -- C:\lan.log
[2010/12/06 22:37:35 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/01/09 20:13:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/18 19:30:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/02/07 13:34:13 | 000,000,086 | ---- | M] () -- C:\nvida.log
[2011/05/17 11:46:42 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2009/01/20 15:43:16 | 000,002,833 | ---- | M] () -- C:\rapport.txt
[1996/09/15 22:00:00 | 000,202,240 | -H-- | M] (DreamWorks Interactive) -- C:\setup95.exe
[2007/07/14 13:27:36 | 000,000,014 | ---- | M] () -- C:\shutdown.bat
[2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2011/05/17 11:44:23 | 000,057,432 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_17.05.2011_11.42.01_log.txt
[2006/11/16 02:53:36 | 000,002,721 | ---- | M] () -- C:\test.dat

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/01/09 20:12:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2001/06/11 14:59:42 | 001,310,208 | ---- | M] () -- C:\WINDOWS\fire.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/01/13 18:36:22 | 000,001,794 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[18 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/01/09 11:58:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/09 11:58:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/09 11:58:49 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[18 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[18 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[18 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-22 14:52:37

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/02 12:13:49 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/02 12:13:49 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/02 12:13:49 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/02 12:13:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/02 12:13:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/02 12:13:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 06:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/02/14 07:17:08 | 000,634,648 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 1333 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:FALBaEW5VBVdSc3MgQp0NqNmLfc
@Alternate Data Stream - 1331 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:KHRbNayPN9qMiv8unsOV1vEs
@Alternate Data Stream - 1299 bytes -> C:\Program Files\Common Files\Microsoft Shared:7zdMWE4a2FF0T79VFetKj3S9
@Alternate Data Stream - 1264 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:2AfbUooKmSk00Oa5eXnD0InqG
@Alternate Data Stream - 1258 bytes -> C:\Program Files\Common Files\System:Lucm28Ug5upzRvxprJOE
@Alternate Data Stream - 1242 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:hf3NxUKJRZPBfremE
@Alternate Data Stream - 1226 bytes -> C:\Documents and Settings\Owner\Local Settings\Application Data\6gQ9gkcse:QsIUr4NjTbFoOG3lN
@Alternate Data Stream - 1225 bytes -> C:\Documents and Settings\Owner\Local Settings\Application Data\6Pv3Ywnb:d0TE8h8aXsIQ47BkvGFhjNw
@Alternate Data Stream - 1215 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:uup9kfxfHHOEiNvH1C4r6aR9Q
@Alternate Data Stream - 1215 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:smbGWmk4j8dU8pnBiIVJWo
@Alternate Data Stream - 1209 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:IPe7FVclDGsgCtQ9Mt6sYTa2zzu
@Alternate Data Stream - 1203 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:n9Z2QUOg9Ggz0JaELnO0WxEEO
@Alternate Data Stream - 1184 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:AQDxTi4UD72gR8aUfxbpX1Df
@Alternate Data Stream - 1161 bytes -> C:\Program Files\WindowsUpdate:rK9WpcDj4LMB2iRF02lLHFsCD
@Alternate Data Stream - 1154 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:5fntgWxAbHQbrbjAYSslr7Q
@Alternate Data Stream - 1143 bytes -> C:\Program Files\Common Files\Microsoft Shared:cHzRzdGjzH1BCpo22eOlKHlyFQS
@Alternate Data Stream - 1113 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:lqzAt1YXfUtWNEVWMYDxKpyNhh5
@Alternate Data Stream - 1111 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:zAnjZntUxoPQtDlNqMh14KBC
@Alternate Data Stream - 1106 bytes -> C:\Documents and Settings\Owner\Cookies:IbjSD4byQVhbp0j1TAZRqvGkL

< End of report >

#15
Anderwolf

Posted 22 May 2011 - 09:18 AM

Member

Topic Starter
Member
89 posts

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-22 10:11:37
-----------------------------
10:11:37.187 OS Version: Windows 5.1.2600 Service Pack 3
10:11:37.187 Number of processors: 2 586 0x2B01
10:11:37.187 ComputerName: ANDERWOLF UserName: Owner
10:11:39.078 Initialize success
10:11:41.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-3
10:11:41.578 Disk 0 Vendor: HDT722525DLAT80 V44OA96A Size: 238475MB BusType: 3
10:11:41.578 Disk 0 MBR read error 0
10:11:41.578 Disk 0 MBR scan
10:11:41.578 Disk 0 unknown MBR code
10:11:41.578 MBR BIOS signature not found 0
10:11:41.578 Disk 0 scanning sectors +488392065
10:11:41.578 Disk 0 scanning C:\WINDOWS\system32\drivers
10:11:49.031 Service scanning
10:11:50.546 Disk 0 trace - called modules:
10:11:50.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x843728ac]<<
10:11:50.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8426c290]
10:11:50.562 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\000000a7[0x842ef510]
10:11:50.578 5 ACPI.sys[b9e55620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-3[0x8423f940]
10:11:50.578 Scan finished successfully
10:12:08.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
10:12:08.625 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

TDS

2011/05/22 10:14:14.0031 6064 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/22 10:14:14.0578 6064 ================================================================================
2011/05/22 10:14:14.0578 6064 SystemInfo:
2011/05/22 10:14:14.0578 6064
2011/05/22 10:14:14.0578 6064 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/22 10:14:14.0578 6064 Product type: Workstation
2011/05/22 10:14:14.0578 6064 ComputerName: ANDERWOLF
2011/05/22 10:14:14.0578 6064 UserName: Owner
2011/05/22 10:14:14.0578 6064 Windows directory: C:\WINDOWS
2011/05/22 10:14:14.0578 6064 System windows directory: C:\WINDOWS
2011/05/22 10:14:14.0578 6064 Processor architecture: Intel x86
2011/05/22 10:14:14.0578 6064 Number of processors: 2
2011/05/22 10:14:14.0578 6064 Page size: 0x1000
2011/05/22 10:14:14.0578 6064 Boot type: Normal boot
2011/05/22 10:14:14.0578 6064 ================================================================================
2011/05/22 10:14:14.0984 6064 Initialize success
2011/05/22 10:14:33.0484 5244 ================================================================================
2011/05/22 10:14:33.0484 5244 Scan started
2011/05/22 10:14:33.0484 5244 Mode: Manual;
2011/05/22 10:14:33.0484 5244 ================================================================================
2011/05/22 10:14:34.0734 5244 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/22 10:14:34.0781 5244 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/22 10:14:34.0828 5244 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/22 10:14:34.0875 5244 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/22 10:14:34.0937 5244 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/22 10:14:35.0000 5244 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/22 10:14:35.0046 5244 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/22 10:14:35.0125 5244 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/22 10:14:35.0187 5244 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/22 10:14:35.0218 5244 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/22 10:14:35.0234 5244 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/22 10:14:35.0421 5244 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/05/22 10:14:35.0687 5244 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/22 10:14:35.0750 5244 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/22 10:14:35.0765 5244 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/22 10:14:35.0843 5244 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/05/22 10:14:35.0859 5244 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/22 10:14:35.0937 5244 APPFLT (c5b7a13349fc7f0e0fcd71b2506902c8) C:\WINDOWS\system32\Drivers\APPFLT.SYS
2011/05/22 10:14:36.0093 5244 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/22 10:14:36.0156 5244 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/22 10:14:36.0171 5244 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/22 10:14:36.0218 5244 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/22 10:14:36.0265 5244 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/22 10:14:36.0281 5244 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/22 10:14:36.0484 5244 ati2mtag (3e70faa23844e60111b21014bd8069ea) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/22 10:14:36.0703 5244 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/05/22 10:14:36.0765 5244 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/22 10:14:37.0000 5244 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/22 10:14:37.0234 5244 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/22 10:14:37.0296 5244 BootScreen (3c6f5a708ebd7aca560ffad950f9f5da) C:\WINDOWS\System32\drivers\vidstub.sys
2011/05/22 10:14:37.0453 5244 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/22 10:14:37.0468 5244 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/22 10:14:37.0515 5244 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/22 10:14:37.0546 5244 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/22 10:14:37.0578 5244 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/22 10:14:37.0750 5244 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/22 10:14:37.0796 5244 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/05/22 10:14:37.0828 5244 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/22 10:14:37.0937 5244 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/22 10:14:38.0015 5244 cpoint (263fde4feea292b5586389afb2858506) C:\WINDOWS\system32\Drivers\cpoint.sys
2011/05/22 10:14:38.0046 5244 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/22 10:14:38.0156 5244 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys
2011/05/22 10:14:38.0296 5244 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/22 10:14:38.0312 5244 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/22 10:14:38.0406 5244 dalwdmservice (0732328832de5d31a5ffaf3ba99b9db7) C:\WINDOWS\system32\drivers\dalwdm.sys
2011/05/22 10:14:38.0437 5244 DigiNet (e70ac14f6addcc9589cf513af725178c) C:\WINDOWS\system32\DRIVERS\diginet.sys
2011/05/22 10:14:38.0515 5244 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/22 10:14:38.0578 5244 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/22 10:14:38.0687 5244 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/22 10:14:38.0734 5244 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/22 10:14:38.0781 5244 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/22 10:14:38.0828 5244 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/22 10:14:38.0875 5244 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/22 10:14:38.0937 5244 DSAFLT (452a6a6680c4fb1deb954e9e81dabfe0) C:\WINDOWS\system32\Drivers\DSAFLT.SYS
2011/05/22 10:14:39.0000 5244 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
2011/05/22 10:14:39.0171 5244 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/22 10:14:39.0234 5244 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/22 10:14:39.0250 5244 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/22 10:14:39.0281 5244 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/22 10:14:39.0328 5244 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/22 10:14:39.0343 5244 FNETMON (95a094f79aa55765b09fba05ebc33493) C:\WINDOWS\system32\Drivers\fnetmon.SYS
2011/05/22 10:14:39.0500 5244 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/22 10:14:39.0531 5244 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/22 10:14:39.0578 5244 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/22 10:14:39.0609 5244 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/22 10:14:39.0718 5244 hamachi (64b48a0d899deca24c424a2cac3ecffa) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/05/22 10:14:39.0875 5244 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/22 10:14:39.0921 5244 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/22 10:14:39.0984 5244 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/22 10:14:40.0046 5244 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/05/22 10:14:40.0109 5244 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/05/22 10:14:40.0281 5244 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/22 10:14:40.0343 5244 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/22 10:14:40.0359 5244 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/22 10:14:40.0390 5244 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/22 10:14:40.0453 5244 IDSFLT (e56a7c95f2e7683539e97e88cc0c71da) C:\WINDOWS\system32\Drivers\IDSFLT.SYS
2011/05/22 10:14:40.0609 5244 iLokDrvr (e6a446d82c5c3d7c2f4e4ab02ea1409b) C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys
2011/05/22 10:14:40.0640 5244 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/22 10:14:40.0718 5244 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/22 10:14:40.0750 5244 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/22 10:14:40.0796 5244 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/22 10:14:40.0828 5244 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/22 10:14:40.0953 5244 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/22 10:14:40.0984 5244 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/22 10:14:41.0015 5244 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/22 10:14:41.0078 5244 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/22 10:14:41.0187 5244 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/22 10:14:41.0234 5244 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/22 10:14:41.0296 5244 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/22 10:14:41.0343 5244 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/22 10:14:41.0421 5244 KORGUMDS (9364ada3a74142099f09b9af180394c9) C:\WINDOWS\system32\Drivers\KORGUMDS.SYS
2011/05/22 10:14:41.0562 5244 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/22 10:14:41.0671 5244 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/05/22 10:14:41.0765 5244 MBX2DFU (64753fe65431b92d6fb64cc338757e32) C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys
2011/05/22 10:14:41.0796 5244 MBX2MIDK (0f110335ddbe99a683e6646812d23c43) C:\WINDOWS\system32\drivers\mbx2midk.sys
2011/05/22 10:14:41.0859 5244 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/22 10:14:42.0000 5244 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/22 10:14:42.0046 5244 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/22 10:14:42.0109 5244 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/22 10:14:42.0140 5244 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/22 10:14:42.0187 5244 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/22 10:14:42.0203 5244 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/22 10:14:42.0265 5244 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/22 10:14:42.0312 5244 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/22 10:14:42.0390 5244 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/22 10:14:42.0500 5244 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/22 10:14:42.0531 5244 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/22 10:14:42.0562 5244 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/22 10:14:42.0609 5244 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/22 10:14:42.0656 5244 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/22 10:14:42.0718 5244 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/22 10:14:42.0765 5244 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2011/05/22 10:14:42.0812 5244 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/22 10:14:42.0921 5244 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/22 10:14:42.0953 5244 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/22 10:14:42.0984 5244 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/22 10:14:43.0046 5244 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/22 10:14:43.0109 5244 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/22 10:14:43.0140 5244 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/22 10:14:43.0250 5244 netflt (3aee3bcb6fb3b17e827b7d3d7ccba32b) C:\WINDOWS\system32\Drivers\NETFLT.SYS
2011/05/22 10:14:43.0296 5244 NETFLTDI (2c1afcfee83398fad9ed69ade847eb84) C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
2011/05/22 10:14:43.0375 5244 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/22 10:14:43.0406 5244 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/22 10:14:43.0453 5244 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/22 10:14:43.0562 5244 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/22 10:14:43.0734 5244 nv (84c65aa58ae1ede93716439267a23d40) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/22 10:14:43.0890 5244 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/05/22 10:14:43.0921 5244 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/05/22 10:14:43.0984 5244 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/22 10:14:44.0015 5244 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/22 10:14:44.0062 5244 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/22 10:14:44.0187 5244 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/05/22 10:14:44.0218 5244 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/22 10:14:44.0234 5244 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/22 10:14:44.0296 5244 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/22 10:14:44.0343 5244 PAVDRV (7900ea032d6ed4f9adc9959c3beb5f43) C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
2011/05/22 10:14:44.0406 5244 PavProc (4d575c14fce1ec32c45ec8ceefbafa3a) C:\WINDOWS\system32\DRIVERS\PavProc.sys
2011/05/22 10:14:44.0625 5244 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/22 10:14:44.0687 5244 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/22 10:14:44.0734 5244 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/22 10:14:44.0875 5244 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/22 10:14:44.0906 5244 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/22 10:14:45.0015 5244 PnkBstrK (8292465b89d95eb4f78c46709b7a9888) C:\WINDOWS\system32\drivers\PnkBstrK.sys
2011/05/22 10:14:45.0156 5244 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/22 10:14:45.0203 5244 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/22 10:14:45.0218 5244 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/22 10:14:45.0296 5244 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/22 10:14:45.0328 5244 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/22 10:14:45.0343 5244 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/22 10:14:45.0375 5244 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/22 10:14:45.0406 5244 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/22 10:14:45.0437 5244 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/22 10:14:45.0453 5244 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/22 10:14:45.0484 5244 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/22 10:14:45.0531 5244 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/22 10:14:45.0656 5244 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/22 10:14:45.0687 5244 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/22 10:14:45.0750 5244 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/22 10:14:45.0796 5244 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/22 10:14:45.0859 5244 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/22 10:14:46.0015 5244 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/22 10:14:46.0062 5244 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/22 10:14:46.0203 5244 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
2011/05/22 10:14:46.0265 5244 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
2011/05/22 10:14:46.0421 5244 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/05/22 10:14:46.0500 5244 SCDEmu (46b50c07abfda51d9b22212eaeb82d2b) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/05/22 10:14:46.0609 5244 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/22 10:14:46.0718 5244 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/22 10:14:46.0812 5244 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/22 10:14:46.0890 5244 ShldDrv (00deba8b42eeb9658ac59bdca025607f) C:\WINDOWS\system32\drivers\ShldDrv.sys
2011/05/22 10:14:46.0968 5244 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/22 10:14:47.0031 5244 SMSFLT (5ff7370a83ac6f163cfba43d053b3e92) C:\WINDOWS\system32\Drivers\SMSFLT.SYS
2011/05/22 10:14:47.0078 5244 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/22 10:14:47.0156 5244 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/22 10:14:47.0234 5244 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/22 10:14:47.0234 5244 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/05/22 10:14:47.0250 5244 sptd - detected LockedFile.Multi.Generic (1)
2011/05/22 10:14:47.0296 5244 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/22 10:14:47.0390 5244 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/22 10:14:47.0500 5244 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/22 10:14:47.0531 5244 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/22 10:14:47.0625 5244 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/22 10:14:47.0656 5244 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/22 10:14:47.0687 5244 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/22 10:14:47.0718 5244 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/22 10:14:47.0765 5244 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/22 10:14:47.0859 5244 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/22 10:14:47.0921 5244 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/22 10:14:47.0984 5244 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/22 10:14:48.0078 5244 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/22 10:14:48.0156 5244 tmcomm (4dc436421c9d745d7e8c37f956701c78) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/05/22 10:14:48.0218 5244 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/22 10:14:48.0281 5244 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
2011/05/22 10:14:48.0343 5244 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/22 10:14:48.0421 5244 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/22 10:14:48.0500 5244 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/22 10:14:48.0609 5244 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/22 10:14:48.0671 5244 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/22 10:14:48.0718 5244 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/22 10:14:48.0812 5244 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/22 10:14:48.0843 5244 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/22 10:14:48.0906 5244 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/22 10:14:48.0953 5244 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/22 10:14:49.0000 5244 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/22 10:14:49.0031 5244 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/22 10:14:49.0125 5244 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/22 10:14:49.0156 5244 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/22 10:14:49.0281 5244 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/22 10:14:49.0296 5244 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/22 10:14:49.0328 5244 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/22 10:14:49.0375 5244 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/22 10:14:49.0437 5244 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/05/22 10:14:49.0500 5244 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/22 10:14:49.0640 5244 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/22 10:14:49.0796 5244 WNMFLT (68fd64a36ae9dbe3a8ec177d8353f6af) C:\WINDOWS\system32\Drivers\WNMFLT.SYS
2011/05/22 10:14:49.0843 5244 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/22 10:14:49.0875 5244 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/22 10:14:49.0953 5244 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/22 10:14:50.0062 5244 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/22 10:14:50.0140 5244 ================================================================================
2011/05/22 10:14:50.0140 5244 Scan finished
2011/05/22 10:14:50.0140 5244 ================================================================================
2011/05/22 10:14:50.0171 5048 Detected object count: 1
2011/05/22 10:15:13.0781 5048 LockedFile.Multi.Generic(sptd) - User select action: Skip