Redirects after infection [Solved]


  • This topic is locked

#1 mkarl1 (Member, 10 posts)
I picked up a virus while searching for a torrent for an ebook. I was getting multiple pages opening in Firefox and popups all over, and fake restarts and blue screens of death. I ran the Microsoft stand-alone sys tool disk and then my Spybot, afterwards PC Matic. The problem is much improved, only an occasional second screen when browsing, but it seems much slower. I ran the HijackThis program; seems like I need to eliminate a bunch of stuff, but what?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:13:59 PM, on 11/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dgrpencx.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd3.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PCPitstop\Download Nitro\pcpitstop-nitro.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = drpepper.tonservices.com:3128
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [MozillaAgent] C:\WINDOWS\Temp\_ex-68.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\kmatheson\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Download Nitro] "C:\Program Files\PCPitstop\Download Nitro\pcpitstop-nitro.exe" -autorun
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...ols/pcmatic.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = toncorp.tonservices.com
O17 - HKLM\Software\..\Telephony: DomainName = toncorp.tonservices.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = toncorp.tonservices.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = toncorp.tonservices.com,fjcomm.com,flyingj.com,fjcomm.com,flyingj.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = toncorp.tonservices.com,fjcomm.com,flyingj.com,fjcomm.com,flyingj.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Digi RealPort Network Service (DgRpEncx) - Digi International Inc. - C:\WINDOWS\system32\dgrpencx.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8694 bytes


Here is the OTL log

OTL logfile created on: 11/21/2011 9:10:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\kmatheson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.84% Memory free
3.84 Gb Paging File | 3.10 Gb Available in Paging File | 80.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 7.51 Gb Free Space | 10.08% Space Free | Partition Type: NTFS
Drive D: | 219.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 975.53 Mb Total Space | 892.27 Mb Free Space | 91.46% Space Free | Partition Type: FAT32

Computer Name: KARLITO | User Name: kmatheson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 20:55:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmatheson\Desktop\OTL.exe
PRC - [2011/11/20 12:03:02 | 000,885,248 | ---- | M] (mIRC Co. Ltd.) -- C:\WINDOWS\Temp\_ex-68.exe
PRC - [2011/08/03 11:16:48 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
PRC - [2011/06/30 04:01:40 | 003,597,520 | ---- | M] (PC Pitstop, LLC) -- C:\Program Files\PCPitstop\Download Nitro\pcpitstop-nitro.exe
PRC - [2011/05/31 09:20:22 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/12/15 14:54:44 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/06/18 10:12:40 | 001,025,512 | ---- | M] (Digi International Inc.) -- C:\WINDOWS\system32\dgrpencx.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/23 00:46:56 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/04/13 17:12:36 | 000,538,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spider.exe
PRC - [2008/04/13 17:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/18 12:28:54 | 000,061,440 | ---- | M] () -- C:\Program Files\PCPitstop\Download Nitro\iefdmdm.dll
MOD - [2010/02/08 18:34:32 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
MOD - [2010/02/08 14:56:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
MOD - [2010/02/08 14:55:52 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
MOD - [2010/02/08 14:55:35 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
MOD - [2010/02/08 14:53:55 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
MOD - [2010/02/08 14:53:44 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
MOD - [2008/06/20 10:46:57 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 10:46:57 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2006/09/19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - [2011/08/03 11:18:06 | 000,091,304 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/12/15 14:54:44 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/09/28 02:15:06 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/06/18 10:12:40 | 001,025,512 | ---- | M] (Digi International Inc.) [On_Demand | Running] -- C:\WINDOWS\system32\dgrpencx.exe -- (DgRpEncx)
SRV - [2009/01/23 00:46:56 | 000,431,472 | ---- | M] (Juniper Networks) [On_Demand | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2010/12/15 14:38:22 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/12/15 14:38:14 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/12/15 14:38:10 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2010/12/15 14:35:56 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/09/27 13:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/01 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/04 11:50:36 | 000,105,544 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMNET.sys -- (DIFMNET)
DRV - [2010/04/28 12:03:02 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMVsp.sys -- (DIFMVsp)
DRV - [2010/04/28 12:03:00 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMNVsp.sys -- (DIFMNVsp)
DRV - [2010/04/28 12:03:00 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMMdm.sys -- (DIFMMdm)
DRV - [2010/04/28 12:03:00 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMCVsp.sys -- (DIFMCVsp)
DRV - [2010/04/28 12:03:00 | 000,056,392 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMBUS.sys -- (DIFMBUS)
DRV - [2010/03/26 21:07:28 | 000,319,488 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/03/26 20:04:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/01/11 14:11:46 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/06/18 10:12:40 | 000,152,376 | ---- | M] (Digi International Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)
DRV - [2009/01/23 00:27:22 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/12/01 18:39:34 | 000,005,152 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\io.sys -- (io.sys)
DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/06/02 10:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/23 16:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/05/28 11:10:38 | 000,156,416 | ---- | M] (Lumenera Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lucam09e.sys -- (USBLucam09e) Lumenera Camera (09e)
DRV - [2007/05/28 11:10:14 | 000,017,408 | ---- | M] (Lumenera Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\luldr09e.sys -- (luldr09e) Lumenera USB Loader Driver (luldr09e.sys)
DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005/10/26 09:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 19:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/26 09:44:14 | 000,018,124 | ---- | M] (SofTec Microsystems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\sftdrv01.sys -- (uDART01)
DRV - [2005/09/02 14:06:35 | 000,042,240 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2005/08/18 18:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/08/10 08:48:28 | 000,329,072 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004/06/04 12:12:10 | 000,379,488 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2004/03/23 19:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = drpepper.tonservices.com:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TV Bar 1.4 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/31 09:20:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 18:50:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 14:59:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/31 09:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/21 14:59:09 | 000,000,000 | ---D | M]

[2008/09/26 22:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kmatheson\Application Data\Mozilla\Extensions
[2011/11/12 18:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kmatheson\Application Data\Mozilla\Firefox\Profiles\pbi9mty2.default\extensions
[2011/11/12 18:50:26 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\kmatheson\Application Data\Mozilla\Firefox\Profiles\pbi9mty2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/07/09 19:23:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kmatheson\Application Data\Mozilla\Firefox\Profiles\pbi9mty2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/05 11:30:24 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Documents and Settings\kmatheson\Application Data\Mozilla\Firefox\Profiles\pbi9mty2.default\extensions\[email protected]
[2011/11/12 18:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/12 18:50:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/05/26 23:04:02 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2011/10/03 19:55:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 18:50:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\Application\9.0.597.107\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\Application\9.0.597.107\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\Application\9.0.597.107\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Poppit = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2010/11/10 21:40:53 | 000,424,689 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14637 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [MozillaAgent] C:\WINDOWS\Temp\_ex-68.exe (mIRC Co. Ltd.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Download Nitro] C:\Program Files\PCPitstop\Download Nitro\pcpitstop-nitro.exe (PC Pitstop, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - mswsock.dll File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = toncorp.tonservices.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96BFF13D-E4B3-4F4C-BAD2-653C65FF98F2}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/23 16:14:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a563f884-3abb-11de-bd39-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{a563f884-3abb-11de-bd39-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a563f884-3abb-11de-bd39-00059a3c7800}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{dc204e82-66b9-11de-bd3f-001c2320c79b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc204e82-66b9-11de-bd3f-001c2320c79b}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{dc204e82-66b9-11de-bd3f-001c2320c79b}\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 20:55:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kmatheson\Desktop\OTL.exe
[2011/11/21 17:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/21 17:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Start Menu\Programs\HiJackThis
[2011/11/20 18:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/11/20 16:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/20 12:53:13 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/11/20 12:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\fOOOBtxxP0cS1b3
[2011/11/20 12:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\ggggRZ99hYwkUe
[2011/11/20 11:55:54 | 000,000,000 | ---D | C] -- C:\f2d6a1ccb26f829d42dde4
[2011/11/20 11:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\Z0uuS2ibb3pn5aH
[2011/11/20 11:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\bELL8ggRqhYwkVl
[2011/11/20 09:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\TpG55sJ6dEKgR9Y
[2011/11/20 09:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\QuuccS2iiF3pGaQ
[2011/11/20 00:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/20 00:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\CA945
[2011/11/20 00:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\DC0CA
[2011/11/20 00:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/20 00:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\V66ssWK7fRL9TXj
[2011/11/20 00:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\ikkkIBBrzP
[2011/11/20 00:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\KoonnF4amH5WJfE
[2011/11/20 00:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\KhhYYCwkUVrlNtP
[2011/11/18 19:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sprint
[2011/11/18 19:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Novatel Wireless
[2011/11/18 19:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2011/11/18 09:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2011/11/18 08:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\Bytemobile
[2011/11/18 08:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\Sprint
[2011/11/18 08:56:38 | 000,017,920 | ---- | C] (Sierra Wireless America, Inc.) -- C:\WINDOWS\System32\apintfnt.dll
[2011/11/18 08:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\Sierra Wireless
[2011/11/18 08:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sprint
[2011/11/18 08:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra Wireless
[2011/11/16 21:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\My Documents\High-Raw
[2011/11/10 21:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2007/03/12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2005/11/23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 21:10:25 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1547161642-725345543-1265.job
[2011/11/21 21:10:25 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1547161642-725345543-1265.job
[2011/11/21 20:58:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/21 20:55:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmatheson\Desktop\OTL.exe
[2011/11/21 20:36:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/21 20:26:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1547161642-725345543-1265UA.job
[2011/11/21 19:36:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 17:34:04 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{637E1ED6-C5A7-4CAE-902F-44B1E3812E2D}.job
[2011/11/21 17:32:27 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\kmatheson\Desktop\HiJackThis.lnk
[2011/11/21 16:57:24 | 000,365,056 | ---- | M] () -- C:\WINDOWS\System32\0.05237571743532454.exe
[2011/11/21 09:11:59 | 000,487,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/21 09:11:59 | 000,087,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/21 09:10:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/21 08:50:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/21 08:50:34 | 2137,120,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/20 12:00:44 | 000,004,730 | ---- | M] () -- C:\Documents and Settings\kmatheson\Application Data\ldr.ini
[2011/11/20 10:42:39 | 000,000,270 | RHS- | M] () -- C:\boot.ini
[2011/11/19 21:26:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1547161642-725345543-1265Core.job
[2011/11/18 19:41:01 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sprint SmartView.lnk
[2011/11/12 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TONCORP-kmatheson.job
[2011/11/10 21:41:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/03 16:43:12 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\kmatheson\My Documents\spider.sav
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/21 17:32:27 | 000,001,992 | ---- | C] () -- C:\Documents and Settings\kmatheson\Desktop\HiJackThis.lnk
[2011/11/21 16:57:18 | 000,365,056 | ---- | C] () -- C:\WINDOWS\System32\0.05237571743532454.exe
[2011/11/20 09:17:07 | 2137,120,768 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/20 00:41:06 | 000,004,730 | ---- | C] () -- C:\Documents and Settings\kmatheson\Application Data\ldr.ini
[2011/11/18 19:41:01 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sprint SmartView.lnk
[2011/11/10 21:41:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/03/15 10:59:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2010/09/21 15:33:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/09 21:46:50 | 000,000,252 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/03/26 21:00:56 | 002,031,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2010/02/27 12:53:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2010/02/22 15:43:12 | 000,262,230 | R--- | C] () -- C:\WINDOWS\System32\CCNSMT.dll
[2010/01/11 18:58:08 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/09/28 02:15:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/09/14 21:08:06 | 000,000,541 | ---- | C] () -- C:\WINDOWS\mcutools.ini
[2009/09/14 19:18:30 | 000,000,018 | -HS- | C] () -- C:\WINDOWS\WINPROD.DLL
[2009/08/18 10:34:38 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009/06/21 18:56:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/06/21 18:56:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009/06/07 22:31:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/31 16:25:23 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/12/05 16:44:06 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/12/05 16:44:04 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/12/05 16:42:03 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/12/05 16:41:55 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/12/05 16:41:12 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/12/01 18:45:36 | 000,000,093 | ---- | C] () -- C:\WINDOWS\FreeOffers.ini
[2008/12/01 18:39:34 | 000,005,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\io.sys
[2008/11/17 10:24:56 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\kmatheson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/31 08:18:05 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2008/10/31 08:17:19 | 000,013,678 | ---- | C] () -- C:\WINDOWS\hpdj5800.ini
[2008/09/24 09:36:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/24 09:24:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/09/24 09:20:00 | 000,002,710 | ---- | C] () -- C:\WINDOWS\pw5.ini
[2008/09/24 09:16:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/24 09:05:00 | 000,000,168 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/24 07:34:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2008/09/23 16:16:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/23 16:10:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/23 10:04:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/23 10:02:49 | 003,456,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/04 09:36:58 | 000,180,224 | R--- | C] () -- C:\WINDOWS\System32\SESUA.dll
[2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/16 16:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/09/19 08:07:28 | 000,827,392 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2006/04/20 07:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/11/21 18:27:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\DialToNhsSvr.dll
[2005/11/21 18:27:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ASPSleep.dll
[2005/08/17 15:05:18 | 000,000,717 | ---- | C] () -- C:\WINDOWS\mdselib.ini
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,487,792 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/12 19:56:36 | 000,634,880 | ---- | C] () -- C:\WINDOWS\System32\pemicro_serialcm2.dll
[2004/02/27 15:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2003/07/30 08:56:04 | 000,007,749 | ---- | C] () -- C:\WINDOWS\mdsemcu.ini
[2003/06/17 16:20:28 | 000,005,358 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/06/17 16:13:16 | 000,000,332 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2000/08/03 12:25:12 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\pedrv.sys
[1998/10/02 09:20:46 | 000,005,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\vichw11.sys
[1996/05/29 16:20:04 | 000,035,072 | ---- | C] () -- C:\WINDOWS\System32\SENDKEY.DLL
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\GIVEIO.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\xp pro keys.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Wireless Vendors.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\windows_xp_services_that_can_be_disabled.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\windows_xp_keyboard_shortcuts.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Watts vs VA.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Walton. KY.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Translux Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\sanderson engine development co.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\PS.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\PCV Jar Here is a device that you can build that will improve your gas mileage by at least 25.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\noahproject.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Manually locating all the devices drivers on a Windows system can be a challenging task.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\LPG Information Guide1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\knowledgepublications-dot-com-h2-geo-ride.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\K-BOX.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Karl's Cover Letter for JP Morgan.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Karl.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\JP Morgan Karl's Resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\ISEwrite II Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\In the middle of remodel.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\home ip.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\hdn.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Harris hd configurationsF.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Hardness1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\harborfreight6coupon.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\GORDON B.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\financ 8-27-01.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\ESR.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\energy-savings-guide.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Dragon12_acc.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\DLINK.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Direcway Notes.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\debit switch numbers.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Dear Dad.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Conference Center.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Cisco config.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Canada Work Permit Form.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Can someone please enlighten me on the subject of fused and non.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Call board installation diagram for plaza without electronics closet.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\CabcommOgden.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\BuildAWindGenerator.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Build Your Own Electric Car.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\BLOCK%20FIVS%20-%202071-SET-F2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\BIOCHEMICAL TERROR ATTACKS ARE LESS DEADLY THAN SCARY.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\biick.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Aperto Networks.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Alibre Design License Key.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\albtrip.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\1909 CONSTRUCTION OF THE TITANIC.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\18002384022.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\10thingstoanewpc.pdf:Roxio EMC Stream

< End of report >
Thank you for sharing your expertise. Karl

#2
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello mkarl1 and welcome to GeeksToGo :)

I'm Steve and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.


#3
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Can you please do the following:


Step 1:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = drpepper.tonservices.com:3128
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    [2011/11/20 12:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\fOOOBtxxP0cS1b3
    [2011/11/20 12:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\ggggRZ99hYwkUe
    [2011/11/20 11:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\Z0uuS2ibb3pn5aH
    [2011/11/20 11:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\bELL8ggRqhYwkVl
    [2011/11/20 09:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\TpG55sJ6dEKgR9Y
    [2011/11/20 09:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\QuuccS2iiF3pGaQ
    [2011/11/20 00:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\V66ssWK7fRL9TXj
    [2011/11/20 00:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\ikkkIBBrzP
    [2011/11/20 00:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\KoonnF4amH5WJfE
    [2011/11/20 00:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\KhhYYCwkUVrlNtP
    [2011/11/21 16:57:24 | 000,365,056 | ---- | M] () -- C:\WINDOWS\System32\0.05237571743532454.exe
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log
  • Open OTL again
  • Select All users (Important)
  • Click the Quick Scan button. Post the log it produces in your next reply.


Step 2:

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



Step 3:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Please remember to post:
OTL fix log
New OTL QuickScan log
ComboFix.txt log
TDSSkiller scan log

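An added example, not part of this thread and not OldTimer's OTL code: a small Python triage script that parses OTL-style file entries ("[date | size | attrs | flag] (Company) -- path") and applies the same reasoning the fix script above relies on, namely entries with no company name, written within the scan's file-age window, that sit in system32 or a user's Application Data folder, plus any per-user IE "ProxyServer" value, which is what was sending this machine's browsing through a third-party proxy. The sample lines are copied from the logs posted in this thread, the scan time is taken from the quick-scan header, and the "random-looking name" heuristic (character-class changes in at least 40% of positions, or a stem made only of digits and dots) is my own constructed rule of thumb, not something OTL computes.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code)."""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL file entry, with an optional PRC/MOD/SRV/DRV prefix, optional
# "(Company)" and optional "[state]" block, then "-- path" and an optional
# trailing "-- (ServiceName)".
ENTRY_RE = re.compile(
    r'^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?'
    r'\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| '
    r'(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[MC])\] '
    r'(?:\((?P<company>.*?)\) (?=\[|--))?'   # "()" means no company name
    r'(?:\[[^\]]*\] )?'                       # e.g. "[Auto | Running]"
    r'-- (?P<path>.+?)'
    r'(?: -- \((?P<svc>[^)]*)\).*)?$'
)
PROXY_RE = re.compile(r'Internet Settings: "ProxyServer" = (?P<proxy>\S+)')

# Directories where an unsigned, freshly written file deserves a second look.
WATCHED_DIRS = ("\\windows\\system32\\", "\\application data\\")


@dataclass
class Entry:
    kind: Optional[str]
    timestamp: datetime
    size: int
    attrs: str
    company: str
    path: str


@dataclass
class Finding:
    path: str
    reasons: List[str]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file entry; return None for lines in another format."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    stamp = datetime.strptime(f"{m.group('date')} {m.group('time')}", "%Y/%m/%d %H:%M:%S")
    return Entry(m.group("kind"), stamp, int(m.group("size").replace(",", "")),
                 m.group("attrs"), (m.group("company") or "").strip(), m.group("path"))


def looks_random(stem: str) -> bool:
    """Constructed heuristic: pure digits/dots, or upper/lower/digit class
    changes in at least 40% of positions (e.g. '56HFqRge', 'fOOOBtxxP0cS1b3')."""
    if re.fullmatch(r"[\d.]+", stem):
        return True
    stem = re.sub(r"[^0-9A-Za-z]", "", stem)
    if len(stem) < 8:
        return False
    classes = ["u" if c.isupper() else "l" if c.islower() else "d" for c in stem]
    changes = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return changes / len(stem) >= 0.4


def triage(lines: List[str], scan_time: datetime, max_age_days: int = 30) -> List[Finding]:
    """Return the entries a helper would want to look at first."""
    findings: List[Finding] = []
    for line in lines:
        pm = PROXY_RE.search(line)
        if pm:  # a per-user proxy is how the redirects in this thread were done
            findings.append(Finding(line.strip(), [f"per-user IE proxy set to {pm.group('proxy')}"]))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        age = scan_time - e.timestamp
        recent = timedelta(0) <= age <= timedelta(days=max_age_days)
        watched = any(d in e.path.lower() for d in WATCHED_DIRS)
        if e.company or not recent or not watched:
            continue
        reasons = [f"no company name, written {age.days}d before the scan, under a watched directory"]
        stem = ntpath.splitext(ntpath.basename(e.path))[0]
        if looks_random(stem):
            reasons.append(f"random-looking name '{stem}'")
        findings.append(Finding(e.path, reasons))
    return findings


# Sample lines copied from the logs posted in this thread (constructed test input).
SAMPLE_LINES = [
    'IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = drpepper.tonservices.com:3128',
    '[2011/11/20 12:47:01 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\kmatheson\\Application Data\\fOOOBtxxP0cS1b3',
    '[2011/11/21 16:57:24 | 000,365,056 | ---- | M] () -- C:\\WINDOWS\\System32\\0.05237571743532454.exe',
    'PRC - [2011/11/23 11:48:32 | 000,112,128 | ---- | M] () -- C:\\WINDOWS\\system32\\56HFqRge.com',
    'PRC - [2011/11/12 18:50:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\\Program Files\\Mozilla Firefox\\firefox.exe',
    'MOD - [2011/11/12 18:50:19 | 001,989,592 | ---- | M] () -- C:\\Program Files\\Mozilla Firefox\\mozjs.dll',
    'SRV - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\\Program Files\\Novatel Wireless\\Novacore\\Server\\NvtlSrvr.exe -- (NvtlService)',
    'DRV - [2010/04/28 12:03:02 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\system32\\drivers\\DIFMVsp.sys -- (DIFMVsp)',
]
SCAN_TIME = datetime(2011, 11, 23, 18, 12, 8)  # from the quick-scan log header

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES, SCAN_TIME):
        print(f.path, "|", "; ".join(f.reasons))
```

The filter is deliberately conjunctive (no company name AND recent AND in a watched directory); the random-name check only adds a reason, because on its own it would also match plenty of legitimate mixed-case DLL names. Firefox's own mozjs.dll, which OTL also lists with no company name, is not flagged because it lives under Program Files, which is the same distinction the helper drew when building the fix list.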

#4
mkarl1

    Member

  • Topic Starter
  • Member
  • 10 posts
Steve, here is the OTL log.
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
C:\Documents and Settings\kmatheson\Application Data\fOOOBtxxP0cS1b3 folder moved successfully.
C:\Documents and Settings\kmatheson\Application Data\ggggRZ99hYwkUe folder moved successfully.
C:\Documents and Settings\kmatheson\Application Data\Z0uuS2ibb3pn5aH folder moved successfully.
C:\Documents and Settings\kmatheson\Application Data\bELL8ggRqhYwkVl folder moved successfully.
C:\Documents and Settings\kmatheson\Application Data\TpG55sJ6dEKgR9Y folder moved successfully.
C:\Documents and Settings\kmatheson\Application Data\QuuccS2iiF3pGaQ folder moved successfully.
C:\Documents and Settings\kmatheson\Application Data\V66ssWK7fRL9TXj folder moved successfully.
C:\Documents and Settings\kmatheson\Application Data\ikkkIBBrzP folder moved successfully.
C:\Documents and Settings\kmatheson\Application Data\KoonnF4amH5WJfE folder moved successfully.
C:\Documents and Settings\kmatheson\Application Data\KhhYYCwkUVrlNtP folder moved successfully.
C:\WINDOWS\system32\0.05237571743532454.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\kmatheson\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\kmatheson\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2761664 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: KARLITO

User: kmatheson
->Temp folder emptied: 19907 bytes
->Temporary Internet Files folder emptied: 38876066 bytes
->Java cache emptied: 14821577 bytes
->FireFox cache emptied: 160968018 bytes
->Google Chrome cache emptied: 98947113 bytes
->Flash cache emptied: 331126 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82322 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 133091434 bytes
->Java cache emptied: 1650513 bytes
->Flash cache emptied: 34342 bytes

User: rlattin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 20381339 bytes
->FireFox cache emptied: 3147856 bytes

User: support
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34064 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6712629 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 198492292 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 651.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: KARLITO

User: kmatheson
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: rlattin

User: support

Total Flash Files Cleaned = 0.00 mb

Unable to start service SrService!

OTL by OldTimer - Version 3.2.31.0 log created on 11232011_174520

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_80.dat moved successfully.
C:\WINDOWS\temp\~DF1980.tmp moved successfully.
C:\WINDOWS\temp\~DF198C.tmp moved successfully.
C:\WINDOWS\temp\~DF1A46.tmp moved successfully.
C:\WINDOWS\temp\~DF1A67.tmp moved successfully.

Registry entries deleted on Reboot...

#5
mkarl1

    Member

  • Topic Starter
  • Member
  • 10 posts
New OTL log, all users quick scan:

OTL logfile created on: 11/23/2011 6:12:08 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\kmatheson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.99% Memory free
3.84 Gb Paging File | 3.33 Gb Available in Paging File | 86.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 8.86 Gb Free Space | 11.88% Space Free | Partition Type: NTFS
Drive D: | 219.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 975.53 Mb Total Space | 892.27 Mb Free Space | 91.46% Space Free | Partition Type: FAT32

Computer Name: KARLITO | User Name: kmatheson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 11:48:32 | 000,112,128 | ---- | M] () -- C:\WINDOWS\system32\56HFqRge.com
PRC - [2011/11/23 11:48:32 | 000,112,128 | ---- | M] () -- C:\WINDOWS\system32\56HFqRge.com_
PRC - [2011/11/21 20:55:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmatheson\Desktop\OTL.exe
PRC - [2011/11/12 18:50:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/03 11:16:48 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
PRC - [2011/06/30 04:01:40 | 003,597,520 | ---- | M] (PC Pitstop, LLC) -- C:\Program Files\PCPitstop\Download Nitro\pcpitstop-nitro.exe
PRC - [2011/05/31 09:20:22 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/12/15 14:54:44 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 11:48:32 | 000,112,128 | ---- | M] () -- C:\WINDOWS\system32\56HFqRge.com_
MOD - [2011/11/23 11:48:32 | 000,112,128 | ---- | M] () -- C:\WINDOWS\system32\56HFqRge.com
MOD - [2011/11/12 18:50:19 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/24 00:39:54 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\kmatheson\Application Data\Mozilla\Firefox\Profiles\pbi9mty2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko8\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011/10/04 23:32:58 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/02/08 14:55:52 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
MOD - [2010/02/08 14:55:35 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
MOD - [2010/02/08 14:53:55 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
MOD - [2010/02/08 14:53:44 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
MOD - [2008/06/20 10:46:57 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 10:46:57 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2006/09/19 08:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
SRV - [2011/08/03 11:18:06 | 000,091,304 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/12/15 14:54:44 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2010/09/27 13:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/11 14:10:52 | 000,082,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/09/28 02:15:06 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/06/18 10:12:40 | 001,025,512 | ---- | M] (Digi International Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dgrpencx.exe -- (DgRpEncx)
SRV - [2009/01/23 00:46:56 | 000,431,472 | ---- | M] (Juniper Networks) [On_Demand | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2010/12/15 14:38:22 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/12/15 14:38:14 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/12/15 14:38:10 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2010/12/15 14:35:56 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/09/27 13:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/01 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/04 11:50:36 | 000,105,544 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMNET.sys -- (DIFMNET)
DRV - [2010/04/28 12:03:02 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMVsp.sys -- (DIFMVsp)
DRV - [2010/04/28 12:03:00 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMNVsp.sys -- (DIFMNVsp)
DRV - [2010/04/28 12:03:00 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMMdm.sys -- (DIFMMdm)
DRV - [2010/04/28 12:03:00 | 000,164,552 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMCVsp.sys -- (DIFMCVsp)
DRV - [2010/04/28 12:03:00 | 000,056,392 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DIFMBUS.sys -- (DIFMBUS)
DRV - [2010/03/26 21:07:28 | 000,319,488 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm)
DRV - [2010/03/26 20:04:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/01/11 14:11:46 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/06/18 10:12:40 | 000,152,376 | ---- | M] (Digi International Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)
DRV - [2009/01/23 00:27:22 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/12/01 18:39:34 | 000,005,152 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\io.sys -- (io.sys)
DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/06/02 10:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/23 16:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/05/28 11:10:38 | 000,156,416 | ---- | M] (Lumenera Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lucam09e.sys -- (USBLucam09e) Lumenera Camera (09e)
DRV - [2007/05/28 11:10:14 | 000,017,408 | ---- | M] (Lumenera Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\luldr09e.sys -- (luldr09e) Lumenera USB Loader Driver (luldr09e.sys)
DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005/10/26 09:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/28 19:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/26 09:44:14 | 000,018,124 | ---- | M] (SofTec Microsystems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\sftdrv01.sys -- (uDART01)
DRV - [2005/09/02 14:06:35 | 000,042,240 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2005/08/18 18:22:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/08/10 08:48:28 | 000,329,072 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004/06/04 12:12:10 | 000,379,488 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2004/03/23 19:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-1547161642-725345543-1265\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1004336348-1547161642-725345543-1265\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1004336348-1547161642-725345543-1265\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1004336348-1547161642-725345543-1265\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKU\S-1-5-21-1004336348-1547161642-725345543-1265\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1004336348-1547161642-725345543-1265\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TV Bar 1.4 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/31 09:20:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/12 18:50:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 14:59:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/31 09:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/21 14:59:09 | 000,000,000 | ---D | M]

[2008/09/26 22:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kmatheson\Application Data\Mozilla\Extensions
[2011/11/12 18:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kmatheson\Application Data\Mozilla\Firefox\Profiles\pbi9mty2.default\extensions
[2011/11/12 18:50:26 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\kmatheson\Application Data\Mozilla\Firefox\Profiles\pbi9mty2.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/07/09 19:23:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kmatheson\Application Data\Mozilla\Firefox\Profiles\pbi9mty2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/05 11:30:24 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Documents and Settings\kmatheson\Application Data\Mozilla\Firefox\Profiles\pbi9mty2.default\extensions\[email protected]
[2011/11/12 18:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/12 18:50:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/05/26 23:04:02 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2011/10/03 19:55:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/12 18:50:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\Application\9.0.597.107\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\Application\9.0.597.107\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\Application\9.0.597.107\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Poppit = C:\Documents and Settings\kmatheson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/11/23 17:48:17 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-1004336348-1547161642-725345543-1265\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [MozillaAgent] C:\WINDOWS\Temp\_ex-68.exe File not found
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1004336348-1547161642-725345543-1265..\Run: [Download Nitro] C:\Program Files\PCPitstop\Download Nitro\pcpitstop-nitro.exe (PC Pitstop, LLC)
O4 - HKU\S-1-5-21-1004336348-1547161642-725345543-1265..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1004336348-1547161642-725345543-1265..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-1547161642-725345543-1265\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - mswsock.dll File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = toncorp.tonservices.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96BFF13D-E4B3-4F4C-BAD2-653C65FF98F2}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1004336348-1547161642-725345543-1265 Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/23 16:14:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a563f884-3abb-11de-bd39-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{a563f884-3abb-11de-bd39-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a563f884-3abb-11de-bd39-00059a3c7800}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{dc204e82-66b9-11de-bd3f-001c2320c79b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc204e82-66b9-11de-bd3f-001c2320c79b}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{dc204e82-66b9-11de-bd3f-001c2320c79b}\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/23 17:45:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/21 20:55:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kmatheson\Desktop\OTL.exe
[2011/11/21 17:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/21 17:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Start Menu\Programs\HiJackThis
[2011/11/20 18:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/11/20 16:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/20 12:53:13 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/11/20 11:55:54 | 000,000,000 | ---D | C] -- C:\f2d6a1ccb26f829d42dde4
[2011/11/20 00:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/20 00:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\CA945
[2011/11/20 00:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\DC0CA
[2011/11/20 00:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/18 19:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sprint
[2011/11/18 19:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Novatel Wireless
[2011/11/18 19:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2011/11/18 09:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2011/11/18 08:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\Bytemobile
[2011/11/18 08:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\Sprint
[2011/11/18 08:56:38 | 000,017,920 | ---- | C] (Sierra Wireless America, Inc.) -- C:\WINDOWS\System32\apintfnt.dll
[2011/11/18 08:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\Application Data\Sierra Wireless
[2011/11/18 08:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sprint
[2011/11/18 08:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra Wireless
[2011/11/16 21:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kmatheson\My Documents\High-Raw
[2011/11/10 21:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2007/03/12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2005/11/23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2011/11/23 18:10:28 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/11/23 18:10:27 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/11/23 18:05:42 | 000,487,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/23 18:05:42 | 000,087,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/23 18:04:44 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{637E1ED6-C5A7-4CAE-902F-44B1E3812E2D}.job
[2011/11/23 18:02:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/23 18:01:47 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1547161642-725345543-1265.job
[2011/11/23 18:01:46 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1547161642-725345543-1265.job
[2011/11/23 18:01:44 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/23 18:01:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/23 18:01:25 | 2137,120,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 17:36:01 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/23 12:33:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/23 12:26:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1547161642-725345543-1265UA.job
[2011/11/23 12:10:26 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/11/23 12:10:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/11/23 11:49:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\56HFqRge.com.b
[2011/11/23 11:48:34 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\smuk6Gt.dat
[2011/11/23 11:48:32 | 000,112,128 | ---- | M] () -- C:\WINDOWS\System32\56HFqRge.com_
[2011/11/23 11:48:32 | 000,112,128 | ---- | M] () -- C:\WINDOWS\System32\56HFqRge.com
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/11/22 21:26:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1547161642-725345543-1265Core.job
[2011/11/21 22:16:42 | 000,158,548 | ---- | M] () -- C:\Documents and Settings\kmatheson\My Documents\How To Drill Glass Nov 2011.pdf
[2011/11/21 20:55:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kmatheson\Desktop\OTL.exe
[2011/11/21 17:32:27 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\kmatheson\Desktop\HiJackThis.lnk
[2011/11/20 12:00:44 | 000,004,730 | ---- | M] () -- C:\Documents and Settings\kmatheson\Application Data\ldr.ini
[2011/11/20 10:42:39 | 000,000,270 | RHS- | M] () -- C:\boot.ini
[2011/11/18 19:41:01 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sprint SmartView.lnk
[2011/11/12 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-TONCORP-kmatheson.job
[2011/11/10 21:41:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/03 16:43:12 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\kmatheson\My Documents\spider.sav

========== Files Created - No Company Name ==========

[2011/11/23 12:10:27 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\56HFqRge.com
[2011/11/23 11:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\56HFqRge.com.b
[2011/11/23 11:44:16 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2011/11/23 11:44:16 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\smuk6Gt.dat
[2011/11/23 11:44:15 | 000,112,128 | ---- | C] () -- C:\WINDOWS\System32\56HFqRge.com_
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/11/21 22:16:42 | 000,158,548 | ---- | C] () -- C:\Documents and Settings\kmatheson\My Documents\How To Drill Glass Nov 2011.pdf
[2011/11/21 17:32:27 | 000,001,992 | ---- | C] () -- C:\Documents and Settings\kmatheson\Desktop\HiJackThis.lnk
[2011/11/20 09:17:07 | 2137,120,768 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/20 00:41:06 | 000,004,730 | ---- | C] () -- C:\Documents and Settings\kmatheson\Application Data\ldr.ini
[2011/11/18 19:41:01 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sprint SmartView.lnk
[2011/11/10 21:41:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/03/15 10:59:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2010/09/21 15:33:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/09 21:46:50 | 000,000,252 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/03/26 21:00:56 | 002,031,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2010/02/27 12:53:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2010/02/22 15:43:12 | 000,262,230 | R--- | C] () -- C:\WINDOWS\System32\CCNSMT.dll
[2010/01/11 18:58:08 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/09/28 02:15:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/09/14 21:08:06 | 000,000,541 | ---- | C] () -- C:\WINDOWS\mcutools.ini
[2009/09/14 19:18:30 | 000,000,018 | -HS- | C] () -- C:\WINDOWS\WINPROD.DLL
[2009/08/18 10:34:38 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009/06/21 18:56:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/06/21 18:56:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009/06/07 22:31:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/31 16:25:23 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/12/05 16:44:06 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/12/05 16:44:04 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/12/05 16:42:03 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/12/05 16:41:55 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/12/05 16:41:12 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/12/01 18:45:36 | 000,000,093 | ---- | C] () -- C:\WINDOWS\FreeOffers.ini
[2008/12/01 18:39:34 | 000,005,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\io.sys
[2008/11/17 10:24:56 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\kmatheson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/31 08:18:05 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2008/10/31 08:17:19 | 000,013,678 | ---- | C] () -- C:\WINDOWS\hpdj5800.ini
[2008/09/24 09:36:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/24 09:24:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/09/24 09:20:00 | 000,002,710 | ---- | C] () -- C:\WINDOWS\pw5.ini
[2008/09/24 09:16:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/24 09:05:00 | 000,000,168 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/24 07:34:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2008/09/23 16:16:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/23 16:10:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/23 10:04:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/23 10:02:49 | 003,456,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/04 09:36:58 | 000,180,224 | R--- | C] () -- C:\WINDOWS\System32\SESUA.dll
[2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/16 16:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/09/19 08:07:28 | 000,827,392 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2006/04/20 07:34:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/11/21 18:27:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\DialToNhsSvr.dll
[2005/11/21 18:27:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ASPSleep.dll
[2005/08/17 15:05:18 | 000,000,717 | ---- | C] () -- C:\WINDOWS\mdselib.ini
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,487,792 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/12 19:56:36 | 000,634,880 | ---- | C] () -- C:\WINDOWS\System32\pemicro_serialcm2.dll
[2004/02/27 15:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2003/07/30 08:56:04 | 000,007,749 | ---- | C] () -- C:\WINDOWS\mdsemcu.ini
[2003/06/17 16:20:28 | 000,005,358 | ---- | C] () -- C:\WINDOWS\hpfmdl01.dat
[2003/06/17 16:13:16 | 000,000,332 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2000/08/03 12:25:12 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\pedrv.sys
[1998/10/02 09:20:46 | 000,005,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\vichw11.sys
[1996/05/29 16:20:04 | 000,035,072 | ---- | C] () -- C:\WINDOWS\System32\SENDKEY.DLL
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\GIVEIO.SYS

========== LOP Check ==========

[2009/09/28 02:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/06/04 08:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/03/23 19:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008/09/24 08:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2008/11/22 23:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/11/23 18:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/09/09 14:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat
[2011/07/19 22:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/11/23 13:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/11/18 19:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2008/09/24 07:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2009/05/31 17:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/11/18 08:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\Bytemobile
[2008/12/31 23:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/28 02:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\DassaultSystemes
[2011/11/21 09:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\DC0CA
[2010/11/28 01:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\Driver Smith
[2009/09/28 02:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\EDrawings
[2011/06/19 18:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\FireShot
[2011/11/23 18:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\Free Download Manager
[2011/10/10 18:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\gedit
[2008/11/30 12:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\GetRightToGo
[2009/05/21 09:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\GlarySoft
[2011/10/10 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\gtk-2.0
[2010/02/22 16:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\InfraRecorder
[2009/09/22 10:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\Juniper Networks
[2009/10/06 20:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\mjusbsp
[2010/09/19 14:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\MSNInstaller
[2009/02/20 21:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\NCH Swift Sound
[2009/11/25 14:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\PGP
[2008/11/22 23:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\Recordpad
[2009/03/23 18:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\RegSweep
[2010/07/17 13:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\Research In Motion
[2011/11/18 08:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\Sierra Wireless
[2011/11/18 08:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\Sprint
[2008/09/24 13:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\Thunderbird
[2011/11/23 18:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\uTorrent
[2009/08/25 10:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmatheson\Application Data\Wireshark
[2011/11/18 09:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2010/03/30 10:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\support\Application Data\InfraRecorder
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/11/23 12:10:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/11/23 12:10:26 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/11/23 18:10:27 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/11/23 18:10:28 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/11/23 11:44:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/11/23 11:44:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/11/23 11:44:15 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/11/23 11:44:15 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/11/23 18:04:44 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{637E1ED6-C5A7-4CAE-902F-44B1E3812E2D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\xp pro keys.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Wireless Vendors.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\windows_xp_services_that_can_be_disabled.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\windows_xp_keyboard_shortcuts.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Watts vs VA.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Walton. KY.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Translux Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\sanderson engine development co.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\PS.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\PCV Jar Here is a device that you can build that will improve your gas mileage by at least 25.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\noahproject.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Manually locating all the devices drivers on a Windows system can be a challenging task.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\LPG Information Guide1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\knowledgepublications-dot-com-h2-geo-ride.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\K-BOX.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Karl's Cover Letter for JP Morgan.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Karl.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\JP Morgan Karl's Resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\ISEwrite II Manual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\In the middle of remodel.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\home ip.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\hdn.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Harris hd configurationsF.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Hardness1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\harborfreight6coupon.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\GORDON B.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\financ 8-27-01.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\ESR.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\energy-savings-guide.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Dragon12_acc.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\DLINK.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Direcway Notes.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\debit switch numbers.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Dear Dad.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Conference Center.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Cisco config.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Canada Work Permit Form.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Can someone please enlighten me on the subject of fused and non.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Call board installation diagram for plaza without electronics closet.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\CabcommOgden.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\BuildAWindGenerator.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Build Your Own Electric Car.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\BLOCK%20FIVS%20-%202071-SET-F2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\BIOCHEMICAL TERROR ATTACKS ARE LESS DEADLY THAN SCARY.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\biick.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Aperto Networks.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\Alibre Design License Key.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\albtrip.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\1909 CONSTRUCTION OF THE TITANIC.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\18002384022.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\kmatheson\My Documents\10thingstoanewpc.pdf:Roxio EMC Stream

< End of report >
#6
mkarl1 (Topic Starter)
Here is the ComboFix log. It said it was going to restart but never shut down. I let it sit for an hour then powered down. It seemed to take off running fine (the ComboFix program) when it came back up.

ComboFix 11-11-23.03 - kmatheson 11/23/2011 19:32:43.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1637 [GMT -7:00]
Running from: c:\documents and settings\kmatheson\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Desktop\Desktopblackbird.jpg
c:\documents and settings\Administrator\Desktop\DesktopEditorFKWP1.5.exe
c:\documents and settings\Administrator\Desktop\DesktopEditorFKWP2.0.exe
c:\documents and settings\Administrator\Desktop\Desktopfilemanagerclient.exe
c:\documents and settings\Administrator\Desktop\Desktopfkwp1.5.exe
c:\documents and settings\Administrator\Desktop\Desktopfkwp2.0.exe
c:\documents and settings\Administrator\Desktop\Desktopfwebd.exe
c:\documents and settings\Administrator\Desktop\DesktopFWebdEditor.exe
c:\documents and settings\Administrator\Desktop\DesktopTrojan.Win32.BlackBird.exe
c:\documents and settings\Administrator\Desktop\Desktopvirii
c:\documents and settings\Administrator\Desktop\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe
c:\documents and settings\Administrator\Desktop\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe
c:\documents and settings\Administrator\Desktop\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe
c:\documents and settings\Administrator\Desktop\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe
c:\documents and settings\Administrator\Desktop\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe
c:\documents and settings\kmatheson\Application Data\ldr.ini
c:\documents and settings\kmatheson\Application Data\RegSweep
c:\documents and settings\kmatheson\Application Data\RegSweep\Registry Backups\2009-03-23_19-29-33.reg
c:\documents and settings\kmatheson\g2mdlhlpx.exe
c:\documents and settings\kmatheson\WINDOWS
C:\install.exe
c:\program files\LP
c:\program files\LP\7CBD\33A.tmp
c:\program files\LP\7CBD\33B.tmp
c:\program files\LP\7CBD\55.tmp
c:\program files\LP\7CBD\9B.tmp
c:\windows\$NtUninstallKB19569$
c:\windows\$NtUninstallKB19569$\2961505525\@
c:\windows\$NtUninstallKB19569$\2961505525\bckfg.tmp
c:\windows\$NtUninstallKB19569$\2961505525\cfg.ini
c:\windows\$NtUninstallKB19569$\2961505525\Desktop.ini
c:\windows\$NtUninstallKB19569$\2961505525\keywords
c:\windows\$NtUninstallKB19569$\2961505525\kwrd.dll
c:\windows\$NtUninstallKB19569$\2961505525\L\lmowuboy
c:\windows\$NtUninstallKB19569$\2961505525\lsflt7.ver
c:\windows\$NtUninstallKB19569$\2961505525\U\[email protected]
c:\windows\$NtUninstallKB19569$\2961505525\U\[email protected]
c:\windows\$NtUninstallKB19569$\2961505525\U\[email protected]
c:\windows\$NtUninstallKB19569$\2961505525\U\[email protected]
c:\windows\$NtUninstallKB19569$\2961505525\U\[email protected]
c:\windows\$NtUninstallKB19569$\2961505525\U\[email protected]
c:\windows\$NtUninstallKB19569$\718875111
c:\windows\CSC\d6
c:\windows\dasetup.log
c:\windows\FreeOffers.ini
c:\windows\system32\56HFQR~1.COM
c:\windows\system32\56HFqRge.com
c:\windows\system32\56HFqRge.com_
c:\windows\system32\Cache
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 01:35 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-11-24 00:45 . 2011-11-24 00:45 -------- d-----w- C:\_OTL
2011-11-23 19:31 . 2011-11-23 19:31 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-11-22 00:32 . 2011-11-22 00:32 388096 ----a-r- c:\documents and settings\kmatheson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-22 00:32 . 2011-11-22 00:32 -------- d-----w- c:\program files\Trend Micro
2011-11-20 19:53 . 2011-11-20 19:53 -------- d-----w- C:\Downloads
2011-11-20 18:55 . 2011-11-20 18:55 -------- d-----w- C:\f2d6a1ccb26f829d42dde4
2011-11-20 07:41 . 2011-11-21 16:47 -------- d-----w- c:\program files\CA945
2011-11-20 07:41 . 2011-11-21 16:48 -------- d-----w- c:\documents and settings\kmatheson\Application Data\DC0CA
2011-11-19 02:40 . 2011-11-19 02:40 -------- d-----w- c:\program files\Novatel Wireless
2011-11-19 02:40 . 2011-11-19 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
2011-11-18 16:09 . 2011-11-18 16:09 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bytemobile
2011-11-18 15:58 . 2011-11-18 15:58 -------- d-----w- c:\documents and settings\kmatheson\Application Data\Bytemobile
2011-11-18 15:56 . 2011-11-18 15:56 -------- d-----w- c:\documents and settings\kmatheson\Application Data\Sprint
2011-11-18 15:56 . 2005-03-15 18:11 17920 ----a-w- c:\windows\system32\apintfnt.dll
2011-11-18 15:56 . 2011-11-18 15:56 -------- d-----w- c:\documents and settings\kmatheson\Application Data\Sierra Wireless
2011-11-18 15:53 . 2011-11-19 02:40 -------- d-----w- c:\program files\Sierra Wireless
2011-11-18 15:53 . 2011-11-18 15:53 -------- d-----w- c:\program files\Sprint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 06:32 . 2011-05-31 16:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-13 01:50 . 2011-04-30 06:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\kmatheson\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-30 399736]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Download Nitro"="c:\program files\PCPitstop\Download Nitro\pcpitstop-nitro.exe" [2011-06-30 3597520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-31 273544]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-08-03 24216]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-09-27 20:49 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1547161642-725345543-1127\Scripts\Logoff\0\0]
"Script"=\\commdc1\NETLOGON\weblogoff.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1547161642-725345543-1127\Scripts\Logon\0\0]
"Script"=\\commdc1\NETLOGON\weblogon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1547161642-725345543-1214\Scripts\Logoff\0\0]
"Script"=\\commdc1\NETLOGON\weblogoff.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1547161642-725345543-1214\Scripts\Logon\0\0]
"Script"=\\commdc1\NETLOGON\weblogon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1547161642-725345543-3646\Scripts\Logoff\0\0]
"Script"=\\commdc1\NETLOGON\weblogoff.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1547161642-725345543-3646\Scripts\Logon\0\0]
"Script"=\\commdc1\NETLOGON\weblogon.bat
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
backup=c:\windows\pss\VPN Client.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 20:13 176128 -c--a-r- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2003-05-22 00:37 229437 -c--a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-03-31 02:00 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-06-25 17:24 49152 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 03:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-03-31 01:59 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qwest Personal Digital Vault]
2008-12-31 22:33 1063952 -c--a-w- c:\program files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 16:22 405504 -c--a-w- c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-06-02 17:56 24264488 -c--a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 10:27 144784 -c--a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\kmatheson\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [12/1/2008 6:39 PM 5152]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 2:10 PM 82944]
R3 DIGIRPS;Digi RealPort Driver;c:\windows\system32\drivers\digirlpt.sys [9/1/2009 10:24 AM 152376]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/12/2010 9:56 AM 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 uDART01;SofTec Microsystems USB Driver;c:\windows\system32\drivers\sftdrv01.sys [9/26/2005 9:44 AM 18124]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [3/26/2010 9:07 PM 319488]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [3/26/2010 9:04 PM 51456]
S3 DgRpEncx;Digi RealPort Network Service;c:\windows\system32\dgrpencx.exe [9/1/2009 10:24 AM 1025512]
S3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;c:\windows\system32\drivers\DIFMBUS.sys [4/28/2010 12:03 PM 56392]
S3 DIFMCVsp;Franklin EVDO USB Modem CM Port;c:\windows\system32\drivers\DIFMCVsp.sys [4/28/2010 12:03 PM 164552]
S3 DIFMMdm;Franklin EVDO USB Modem;c:\windows\system32\drivers\DIFMMdm.sys [4/28/2010 12:03 PM 164552]
S3 DIFMNET;Franklin EVDO USB Modem Network Adapter;c:\windows\system32\drivers\DIFMNET.sys [5/4/2010 11:50 AM 105544]
S3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;c:\windows\system32\drivers\DIFMNVsp.sys [4/28/2010 12:03 PM 164552]
S3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;c:\windows\system32\drivers\DIFMVsp.sys [4/28/2010 12:03 PM 164552]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/18/2009 10:46 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/18/2009 10:46 PM 133104]
S3 luldr09e;Lumenera USB Loader Driver (luldr09e.sys);c:\windows\system32\drivers\luldr09e.sys [2/26/2010 5:33 PM 17408]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 10:07 AM 35088]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [9/9/2011 2:01 PM 91304]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 USBLucam09e;Lumenera Camera (09e);c:\windows\system32\drivers\lucam09e.sys [2/26/2010 5:33 PM 156416]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-TONCORP-kmatheson.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-07-20 09:44]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 05:46]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 05:46]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1547161642-725345543-1265Core.job
- c:\documents and settings\kmatheson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-01 16:06]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1547161642-725345543-1265UA.job
- c:\documents and settings\kmatheson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-01 16:06]
.
2011-11-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1547161642-725345543-1265.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2011-11-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1547161642-725345543-1265.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 16:47]
.
2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{637E1ED6-C5A7-4CAE-902F-44B1E3812E2D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\documents and settings\kmatheson\Application Data\Mozilla\Firefox\Profiles\pbi9mty2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2320606&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 19:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,a1,86,ae,af,0b,12,41,95,f1,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,a1,86,ae,af,0b,12,41,95,f1,36,\
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2011-11-23 19:57:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-24 02:57
.
Pre-Run: 9,165,004,800 bytes free
Post-Run: 9,799,262,208 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\wubildr.mbr="Ubuntu"
[spybotsd]
timeout.old=30
.
- - End Of File - - 7F9ED092AC711409E9DDA95CF8DA0D39

#7 mkarl1 (Topic Starter, Member, 10 posts)

I ran TDSSKiller; it found 9 threats, but none of them had the cure option. It did not ask to reboot and did not create a log. Karl

#8 mkarl1 (Topic Starter, Member, 10 posts)

Sorry Steve. I found a 'report' button on the TDSSKiller screen but not in my C: drive. Here it is.

20:17:49.0390 3456 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
20:17:50.0031 3456 ============================================================
20:17:50.0031 3456 Current date / time: 2011/11/23 20:17:50.0031
20:17:50.0031 3456 SystemInfo:
20:17:50.0031 3456
20:17:50.0031 3456 OS Version: 5.1.2600 ServicePack: 3.0
20:17:50.0031 3456 Product type: Workstation
20:17:50.0031 3456 ComputerName: KARLITO
20:17:50.0031 3456 UserName: kmatheson
20:17:50.0031 3456 Windows directory: C:\WINDOWS
20:17:50.0031 3456 System windows directory: C:\WINDOWS
20:17:50.0031 3456 Processor architecture: Intel x86
20:17:50.0031 3456 Number of processors: 2
20:17:50.0031 3456 Page size: 0x1000
20:17:50.0031 3456 Boot type: Normal boot
20:17:50.0031 3456 ============================================================
20:17:50.0750 3456 Initialize success
20:20:16.0312 2472 ============================================================
20:20:16.0312 2472 Scan started
20:20:16.0312 2472 Mode: Manual; SigCheck; TDLFS;
20:20:16.0312 2472 ============================================================
20:20:16.0781 2472 Abiosdsk - ok
20:20:16.0796 2472 abp480n5 - ok
20:20:16.0906 2472 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:20:17.0343 2472 ACPI - ok
20:20:17.0625 2472 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:20:17.0718 2472 ACPIEC - ok
20:20:17.0812 2472 adpu160m - ok
20:20:18.0046 2472 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:20:18.0250 2472 aec - ok
20:20:18.0375 2472 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:20:18.0406 2472 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:20:18.0406 2472 AegisP - detected UnsignedFile.Multi.Generic (1)
20:20:18.0578 2472 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
20:20:18.0656 2472 AFD - ok
20:20:18.0703 2472 Aha154x - ok
20:20:18.0718 2472 aic78u2 - ok
20:20:18.0718 2472 aic78xx - ok
20:20:18.0734 2472 AliIde - ok
20:20:18.0781 2472 amsint - ok
20:20:18.0906 2472 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:20:19.0000 2472 ApfiltrService - ok
20:20:19.0187 2472 asc - ok
20:20:19.0203 2472 asc3350p - ok
20:20:19.0218 2472 asc3550 - ok
20:20:19.0281 2472 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:20:19.0468 2472 AsyncMac - ok
20:20:19.0578 2472 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:20:19.0718 2472 atapi - ok
20:20:19.0875 2472 Atdisk - ok
20:20:19.0953 2472 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:20:20.0078 2472 Atmarpc - ok
20:20:20.0156 2472 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:20:20.0281 2472 audstub - ok
20:20:20.0468 2472 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:20:20.0531 2472 b57w2k - ok
20:20:20.0609 2472 bcm (54c533ae49cdf9c4630e80379a1090fe) C:\WINDOWS\system32\DRIVERS\drxvi314.sys
20:20:20.0671 2472 bcm - ok
20:20:20.0796 2472 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:20:20.0953 2472 BCM43XX - ok
20:20:21.0109 2472 bcmbusctr (44a70e32615770a4ec60e0267c0c8408) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
20:20:21.0187 2472 bcmbusctr - ok
20:20:21.0359 2472 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:20:21.0515 2472 Beep - ok
20:20:21.0656 2472 BMLoad (98f4630b5867d911ad6eae79874bf5e6) C:\WINDOWS\system32\drivers\BMLoad.sys
20:20:21.0671 2472 BMLoad ( UnsignedFile.Multi.Generic ) - warning
20:20:21.0671 2472 BMLoad - detected UnsignedFile.Multi.Generic (1)
20:20:21.0687 2472 catchme - ok
20:20:21.0781 2472 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:20:21.0921 2472 cbidf2k - ok
20:20:22.0078 2472 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:20:22.0171 2472 CCDECODE - ok
20:20:22.0281 2472 cd20xrnt - ok
20:20:22.0328 2472 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:20:22.0453 2472 Cdaudio - ok
20:20:22.0640 2472 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:20:22.0781 2472 Cdfs - ok
20:20:23.0046 2472 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:20:23.0125 2472 Cdrom - ok
20:20:23.0125 2472 Changer - ok
20:20:23.0218 2472 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:20:23.0359 2472 CmBatt - ok
20:20:23.0453 2472 CmdIde - ok
20:20:23.0687 2472 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:20:23.0812 2472 Compbatt - ok
20:20:23.0906 2472 Cpqarray - ok
20:20:24.0093 2472 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
20:20:24.0140 2472 CVirtA - ok
20:20:24.0140 2472 dac2w2k - ok
20:20:24.0156 2472 dac960nt - ok
20:20:24.0265 2472 DIFMBUS (3a3b89d0b10a24cc031f98d2afdca5ce) C:\WINDOWS\system32\DRIVERS\DIFMBUS.sys
20:20:24.0296 2472 DIFMBUS - ok
20:20:24.0390 2472 DIFMCVsp (2ac5571844e89e2acfee99a79eb7dab9) C:\WINDOWS\system32\DRIVERS\DIFMCVsp.sys
20:20:24.0390 2472 DIFMCVsp - ok
20:20:24.0421 2472 DIFMMdm (daa170e853a84d01516a75de8b96ac9a) C:\WINDOWS\system32\DRIVERS\DIFMMdm.sys
20:20:24.0421 2472 DIFMMdm - ok
20:20:24.0437 2472 DIFMNET (d1563cf53d3347a40d548f2b7c209d9f) C:\WINDOWS\system32\DRIVERS\DIFMNET.sys
20:20:24.0453 2472 DIFMNET - ok
20:20:24.0453 2472 DIFMNVsp (6f847c47daf9ab1cc06e85778877ff0c) C:\WINDOWS\system32\DRIVERS\DIFMNVsp.sys
20:20:24.0468 2472 DIFMNVsp - ok
20:20:24.0500 2472 DIFMVsp (d1a8366667c084c23673707d7af0dc3d) C:\WINDOWS\system32\DRIVERS\DIFMVsp.sys
20:20:24.0515 2472 DIFMVsp - ok
20:20:24.0562 2472 DIGIRPS (a262c2201d8b8840b84b6713428cd2a6) C:\WINDOWS\system32\DRIVERS\digirlpt.sys
20:20:24.0562 2472 DIGIRPS - ok
20:20:24.0671 2472 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:20:24.0812 2472 Disk - ok
20:20:25.0062 2472 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:20:25.0203 2472 dmboot - ok
20:20:25.0234 2472 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:20:25.0359 2472 dmio - ok
20:20:25.0625 2472 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:20:25.0734 2472 dmload - ok
20:20:25.0921 2472 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:20:26.0078 2472 DMusic - ok
20:20:26.0328 2472 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
20:20:26.0375 2472 DNE - ok
20:20:26.0468 2472 dpti2o - ok
20:20:26.0578 2472 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:20:26.0703 2472 drmkaud - ok
20:20:26.0843 2472 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
20:20:26.0890 2472 dsNcAdpt - ok
20:20:27.0265 2472 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:20:27.0281 2472 eeCtrl - ok
20:20:27.0593 2472 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:20:27.0781 2472 Fastfat - ok
20:20:27.0875 2472 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:20:28.0015 2472 Fdc - ok
20:20:28.0125 2472 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:20:28.0265 2472 Fips - ok
20:20:28.0390 2472 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:20:28.0531 2472 Flpydisk - ok
20:20:28.0703 2472 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:20:28.0843 2472 FltMgr - ok
20:20:28.0953 2472 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:20:29.0093 2472 Fs_Rec - ok
20:20:29.0250 2472 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:20:29.0390 2472 Ftdisk - ok
20:20:29.0687 2472 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:20:29.0828 2472 Gpc - ok
20:20:30.0031 2472 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
20:20:30.0031 2472 guardian2 - ok
20:20:30.0171 2472 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:20:30.0312 2472 HDAudBus - ok
20:20:30.0375 2472 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:20:30.0515 2472 HidUsb - ok
20:20:30.0531 2472 hpn - ok
20:20:30.0640 2472 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
20:20:30.0734 2472 HSF_DPV - ok
20:20:30.0796 2472 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
20:20:30.0859 2472 HSXHWAZL - ok
20:20:31.0000 2472 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:20:31.0093 2472 HTTP - ok
20:20:31.0140 2472 i2omgmt - ok
20:20:31.0265 2472 i2omp - ok
20:20:31.0406 2472 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:20:31.0546 2472 i8042prt - ok
20:20:32.0015 2472 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:20:32.0546 2472 ialm - ok
20:20:32.0671 2472 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:20:32.0812 2472 Imapi - ok
20:20:32.0921 2472 ini910u - ok
20:20:32.0937 2472 IntelIde - ok
20:20:33.0046 2472 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:20:33.0140 2472 intelppm - ok
20:20:33.0343 2472 io.sys (5e333b8c20fb4a48c8ca3cf3489cd235) C:\WINDOWS\system32\drivers\io.sys
20:20:33.0390 2472 io.sys ( UnsignedFile.Multi.Generic ) - warning
20:20:33.0390 2472 io.sys - detected UnsignedFile.Multi.Generic (1)
20:20:33.0406 2472 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:20:33.0531 2472 Ip6Fw - ok
20:20:33.0687 2472 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:20:33.0812 2472 IpFilterDriver - ok
20:20:34.0078 2472 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:20:34.0187 2472 IpInIp - ok
20:20:34.0296 2472 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:20:34.0437 2472 IpNat - ok
20:20:34.0734 2472 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:20:34.0875 2472 IPSec - ok
20:20:35.0015 2472 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:20:35.0125 2472 IRENUM - ok
20:20:35.0218 2472 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:20:35.0375 2472 isapnp - ok
20:20:35.0671 2472 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:20:35.0812 2472 Kbdclass - ok
20:20:35.0921 2472 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:20:36.0031 2472 kmixer - ok
20:20:36.0156 2472 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:20:36.0234 2472 KSecDD - ok
20:20:36.0250 2472 lbrtfdc - ok
20:20:36.0453 2472 LMIInfo - ok
20:20:36.0562 2472 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
20:20:36.0562 2472 lmimirr - ok
20:20:36.0578 2472 LMIRfsClientNP - ok
20:20:36.0593 2472 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
20:20:36.0609 2472 LMIRfsDriver - ok
20:20:36.0671 2472 luldr09e (1afb379d8273db0083ad0bfef3ba43db) C:\WINDOWS\system32\Drivers\luldr09e.sys
20:20:36.0703 2472 luldr09e ( UnsignedFile.Multi.Generic ) - warning
20:20:36.0703 2472 luldr09e - detected UnsignedFile.Multi.Generic (1)
20:20:36.0781 2472 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:20:36.0828 2472 mdmxsdk - ok
20:20:37.0031 2472 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:20:37.0140 2472 mnmdd - ok
20:20:37.0328 2472 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:20:37.0468 2472 Modem - ok
20:20:37.0468 2472 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:20:37.0578 2472 Mouclass - ok
20:20:37.0718 2472 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:20:37.0828 2472 mouhid - ok
20:20:38.0109 2472 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:20:38.0281 2472 MountMgr - ok
20:20:38.0296 2472 mraid35x - ok
20:20:38.0312 2472 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:20:38.0437 2472 MRxDAV - ok
20:20:38.0687 2472 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:20:38.0781 2472 MRxSmb - ok
20:20:38.0921 2472 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:20:39.0109 2472 Msfs - ok
20:20:39.0265 2472 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:20:39.0375 2472 MSKSSRV - ok
20:20:39.0625 2472 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:20:39.0765 2472 MSPCLOCK - ok
20:20:40.0031 2472 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:20:40.0218 2472 MSPQM - ok
20:20:40.0343 2472 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:20:40.0500 2472 mssmbios - ok
20:20:40.0703 2472 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:20:40.0812 2472 MSTEE - ok
20:20:41.0015 2472 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
20:20:41.0125 2472 Mup - ok
20:20:41.0203 2472 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:20:41.0390 2472 NABTSFEC - ok
20:20:41.0718 2472 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:20:41.0921 2472 NDIS - ok
20:20:42.0078 2472 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:20:42.0187 2472 NdisIP - ok
20:20:42.0468 2472 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:20:42.0671 2472 NdisTapi - ok
20:20:42.0765 2472 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:20:42.0906 2472 Ndisuio - ok
20:20:43.0171 2472 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:20:43.0390 2472 NdisWan - ok
20:20:43.0484 2472 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
20:20:43.0687 2472 NDProxy - ok
20:20:43.0968 2472 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:20:44.0093 2472 NetBIOS - ok
20:20:44.0203 2472 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:20:44.0406 2472 NetBT - ok
20:20:44.0546 2472 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
20:20:44.0687 2472 nm - ok
20:20:44.0812 2472 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\WINDOWS\system32\DRIVERS\pctnullport.sys
20:20:44.0828 2472 Nmea - ok
20:20:44.0890 2472 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
20:20:44.0890 2472 NPF - ok
20:20:45.0031 2472 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:20:45.0171 2472 Npfs - ok
20:20:45.0265 2472 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
20:20:45.0296 2472 NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning
20:20:45.0296 2472 NSNDIS5 - detected UnsignedFile.Multi.Generic (1)
20:20:45.0359 2472 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:20:45.0484 2472 Ntfs - ok
20:20:45.0640 2472 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:20:45.0843 2472 Null - ok
20:20:45.0984 2472 NWADI (93213c7ec08e01e37a935bf144e75df6) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
20:20:46.0062 2472 NWADI - ok
20:20:46.0093 2472 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:20:46.0218 2472 NwlnkFlt - ok
20:20:46.0234 2472 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:20:46.0328 2472 NwlnkFwd - ok
20:20:46.0531 2472 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:20:46.0718 2472 Parport - ok
20:20:47.0000 2472 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:20:47.0203 2472 PartMgr - ok
20:20:47.0343 2472 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:20:47.0531 2472 ParVdm - ok
20:20:47.0750 2472 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
20:20:47.0765 2472 PCASp50 - ok
20:20:47.0906 2472 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:20:48.0046 2472 PCI - ok
20:20:48.0140 2472 PCIDump - ok
20:20:48.0250 2472 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:20:48.0390 2472 PCIIde - ok
20:20:48.0656 2472 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:20:48.0796 2472 Pcmcia - ok
20:20:48.0937 2472 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
20:20:48.0953 2472 PCTINDIS5 - ok
20:20:49.0000 2472 PDCOMP - ok
20:20:49.0015 2472 PDFRAME - ok
20:20:49.0031 2472 PDRELI - ok
20:20:49.0046 2472 PDRFRAME - ok
20:20:49.0046 2472 perc2 - ok
20:20:49.0062 2472 perc2hib - ok
20:20:49.0203 2472 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:20:49.0343 2472 PptpMiniport - ok
20:20:49.0640 2472 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:20:49.0781 2472 PSched - ok
20:20:49.0890 2472 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:20:50.0031 2472 Ptilink - ok
20:20:50.0125 2472 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:20:50.0140 2472 PxHelp20 - ok
20:20:50.0187 2472 ql1080 - ok
20:20:50.0203 2472 Ql10wnt - ok
20:20:50.0203 2472 ql12160 - ok
20:20:50.0218 2472 ql1240 - ok
20:20:50.0234 2472 ql1280 - ok
20:20:50.0328 2472 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:20:50.0468 2472 RasAcd - ok
20:20:50.0671 2472 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:20:50.0812 2472 Rasl2tp - ok
20:20:51.0093 2472 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:20:51.0234 2472 RasPppoe - ok
20:20:51.0359 2472 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:20:51.0484 2472 Raspti - ok
20:20:51.0812 2472 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:20:51.0953 2472 Rdbss - ok
20:20:51.0953 2472 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:20:52.0062 2472 RDPCDD - ok
20:20:52.0250 2472 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:20:52.0390 2472 rdpdr - ok
20:20:52.0656 2472 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
20:20:52.0828 2472 RDPWD - ok
20:20:53.0125 2472 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:20:53.0328 2472 redbook - ok
20:20:53.0531 2472 RimUsb - ok
20:20:53.0578 2472 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:20:53.0625 2472 RimVSerPort - ok
20:20:53.0687 2472 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:20:53.0843 2472 ROOTMODEM - ok
20:20:54.0125 2472 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:20:54.0281 2472 Secdrv - ok
20:20:54.0593 2472 ser2plms (227df2e68510d25462ee80136722374e) C:\WINDOWS\system32\DRIVERS\ser2plms.sys
20:20:54.0656 2472 ser2plms - ok
20:20:54.0796 2472 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:20:54.0984 2472 serenum - ok
20:20:55.0140 2472 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:20:55.0265 2472 Serial - ok
20:20:55.0593 2472 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:20:55.0843 2472 Sfloppy - ok
20:20:55.0843 2472 Simbad - ok
20:20:55.0890 2472 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:20:56.0015 2472 SLIP - ok
20:20:56.0281 2472 SNPSTD3 (11bb0e11d42cc3a43d741d9b30839be1) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
20:20:56.0984 2472 SNPSTD3 - ok
20:20:57.0187 2472 Sparrow - ok
20:20:57.0281 2472 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:20:57.0484 2472 splitter - ok
20:20:57.0625 2472 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:20:57.0734 2472 sr - ok
20:20:58.0000 2472 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
20:20:58.0109 2472 Srv - ok
20:20:58.0421 2472 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
20:20:58.0531 2472 STHDA - ok
20:20:58.0578 2472 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:20:58.0765 2472 streamip - ok
20:20:59.0062 2472 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:20:59.0265 2472 swenum - ok
20:20:59.0328 2472 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:20:59.0468 2472 swmidi - ok
20:20:59.0671 2472 symc810 - ok
20:20:59.0671 2472 symc8xx - ok
20:20:59.0687 2472 sym_hi - ok
20:20:59.0703 2472 sym_u3 - ok
20:20:59.0828 2472 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:21:00.0015 2472 sysaudio - ok
20:21:00.0250 2472 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:21:00.0343 2472 Tcpip - ok
20:21:00.0421 2472 tcpipBM (4bed0c7fdf414d1bd26bf33ea673ca49) C:\WINDOWS\system32\drivers\tcpipBM.sys
20:21:00.0453 2472 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
20:21:00.0453 2472 tcpipBM - detected UnsignedFile.Multi.Generic (1)
20:21:00.0531 2472 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\WINDOWS\system32\Drivers\tcusb.sys
20:21:00.0531 2472 TcUsb - ok
20:21:00.0609 2472 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:21:00.0781 2472 TDPIPE - ok
20:21:00.0921 2472 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:21:01.0046 2472 TDTCP - ok
20:21:01.0328 2472 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:21:01.0515 2472 TermDD - ok
20:21:01.0687 2472 TosIde - ok
20:21:01.0812 2472 uDART01 (5870d22eac314ca4d206b49d76869eae) C:\WINDOWS\system32\Drivers\sftdrv01.sys
20:21:01.0812 2472 uDART01 ( UnsignedFile.Multi.Generic ) - warning
20:21:01.0812 2472 uDART01 - detected UnsignedFile.Multi.Generic (1)
20:21:01.0921 2472 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:21:02.0062 2472 Udfs - ok
20:21:02.0187 2472 ultra - ok
20:21:02.0421 2472 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:21:02.0640 2472 Update - ok
20:21:02.0875 2472 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:21:03.0000 2472 usbaudio - ok
20:21:03.0156 2472 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:21:03.0312 2472 usbccgp - ok
20:21:03.0609 2472 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:21:03.0796 2472 usbehci - ok
20:21:04.0078 2472 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:21:04.0281 2472 usbhub - ok
20:21:04.0390 2472 USBLucam09e (1aca937fcc18b772b113915336045e5d) C:\WINDOWS\system32\Drivers\lucam09e.sys
20:21:04.0406 2472 USBLucam09e ( UnsignedFile.Multi.Generic ) - warning
20:21:04.0406 2472 USBLucam09e - detected UnsignedFile.Multi.Generic (1)
20:21:04.0562 2472 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:21:04.0703 2472 usbprint - ok
20:21:04.0843 2472 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:21:05.0000 2472 usbscan - ok
20:21:05.0296 2472 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:21:05.0421 2472 USBSTOR - ok
20:21:05.0484 2472 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:21:05.0609 2472 usbuhci - ok
20:21:05.0906 2472 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:21:06.0031 2472 usbvideo - ok
20:21:06.0296 2472 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:21:06.0421 2472 VgaSave - ok
20:21:06.0515 2472 ViaIde - ok
20:21:06.0625 2472 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:21:06.0750 2472 VolSnap - ok
20:21:07.0031 2472 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:21:07.0171 2472 Wanarp - ok
20:21:07.0250 2472 WDICA - ok
20:21:07.0265 2472 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:21:07.0406 2472 wdmaud - ok
20:21:07.0656 2472 wg111nd5 (5dc04e2badf701d7a9d00365b623df2f) C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
20:21:07.0703 2472 wg111nd5 - ok
20:21:07.0796 2472 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
20:21:07.0812 2472 winachsf - ok
20:21:07.0953 2472 WinDriver6 (2600134fedad80c7a363b3a467015a7f) C:\WINDOWS\system32\drivers\windrvr6.sys
20:21:08.0000 2472 WinDriver6 ( UnsignedFile.Multi.Generic ) - warning
20:21:08.0000 2472 WinDriver6 - detected UnsignedFile.Multi.Generic (1)
20:21:08.0078 2472 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:21:08.0187 2472 WmiAcpi - ok
20:21:08.0312 2472 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:21:08.0453 2472 WS2IFSL - ok
20:21:08.0609 2472 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:21:08.0718 2472 WSTCODEC - ok
20:21:08.0796 2472 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:21:08.0859 2472 WudfPf - ok
20:21:08.0875 2472 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:21:08.0906 2472 WudfRd - ok
20:21:08.0953 2472 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:21:09.0328 2472 \Device\Harddisk0\DR0 - ok
20:21:09.0359 2472 Boot (0x1200) (cdc6877f5e0eb8bec16a59869b38da04) \Device\Harddisk0\DR0\Partition0
20:21:09.0359 2472 \Device\Harddisk0\DR0\Partition0 - ok
20:21:09.0375 2472 Boot (0x1200) (3a2708bec7c4f594141ccf139a9ccb3a) \Device\Harddisk1\DR1\Partition0
20:21:09.0375 2472 \Device\Harddisk1\DR1\Partition0 - ok
20:21:09.0375 2472 ============================================================
20:21:09.0375 2472 Scan finished
20:21:09.0375 2472 ============================================================
20:21:09.0484 3668 Detected object count: 9
20:21:09.0484 3668 Actual detected object count: 9
20:22:43.0781 3668 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:22:43.0781 3668 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:22:43.0781 3668 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
20:22:43.0781 3668 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:22:43.0781 3668 io.sys ( UnsignedFile.Multi.Generic ) - skipped by user
20:22:43.0781 3668 io.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:22:43.0796 3668 luldr09e ( UnsignedFile.Multi.Generic ) - skipped by user
20:22:43.0796 3668 luldr09e ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:22:43.0796 3668 NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:22:43.0796 3668 NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:22:43.0796 3668 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
20:22:43.0796 3668 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:22:43.0796 3668 uDART01 ( UnsignedFile.Multi.Generic ) - skipped by user
20:22:43.0796 3668 uDART01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:22:43.0796 3668 USBLucam09e ( UnsignedFile.Multi.Generic ) - skipped by user
20:22:43.0796 3668 USBLucam09e ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:22:43.0796 3668 WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:22:43.0796 3668 WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:23:13.0781 2388 ============================================================
20:23:13.0781 2388 Scan started
20:23:13.0781 2388 Mode: Manual; SigCheck; TDLFS;
20:23:13.0781 2388 ============================================================
20:23:14.0171 2388 Abiosdsk - ok
20:23:14.0187 2388 abp480n5 - ok
20:23:14.0312 2388 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:23:14.0562 2388 ACPI - ok
20:23:14.0828 2388 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:23:15.0000 2388 ACPIEC - ok
20:23:15.0078 2388 adpu160m - ok
20:23:15.0312 2388 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:23:15.0453 2388 aec - ok
20:23:15.0578 2388 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:23:15.0625 2388 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:23:15.0625 2388 AegisP - detected UnsignedFile.Multi.Generic (1)
20:23:15.0718 2388 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
20:23:15.0765 2388 AFD - ok
20:23:15.0781 2388 Aha154x - ok
20:23:15.0937 2388 aic78u2 - ok
20:23:15.0953 2388 aic78xx - ok
20:23:15.0968 2388 AliIde - ok
20:23:16.0000 2388 amsint - ok
20:23:16.0062 2388 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:23:16.0109 2388 ApfiltrService - ok
20:23:16.0296 2388 asc - ok
20:23:16.0312 2388 asc3350p - ok
20:23:16.0328 2388 asc3550 - ok
20:23:16.0421 2388 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:23:16.0593 2388 AsyncMac - ok
20:23:16.0781 2388 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:23:16.0921 2388 atapi - ok
20:23:16.0937 2388 Atdisk - ok
20:23:16.0968 2388 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:23:17.0093 2388 Atmarpc - ok
20:23:17.0375 2388 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:23:17.0578 2388 audstub - ok
20:23:17.0781 2388 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:23:17.0828 2388 b57w2k - ok
20:23:17.0953 2388 bcm (54c533ae49cdf9c4630e80379a1090fe) C:\WINDOWS\system32\DRIVERS\drxvi314.sys
20:23:17.0984 2388 bcm - ok
20:23:18.0125 2388 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:23:18.0203 2388 BCM43XX - ok
20:23:18.0359 2388 bcmbusctr (44a70e32615770a4ec60e0267c0c8408) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
20:23:18.0375 2388 bcmbusctr - ok
20:23:18.0609 2388 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:23:18.0812 2388 Beep - ok
20:23:18.0968 2388 BMLoad (98f4630b5867d911ad6eae79874bf5e6) C:\WINDOWS\system32\drivers\BMLoad.sys
20:23:18.0984 2388 BMLoad ( UnsignedFile.Multi.Generic ) - warning
20:23:18.0984 2388 BMLoad - detected UnsignedFile.Multi.Generic (1)
20:23:18.0984 2388 catchme - ok
20:23:19.0109 2388 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:23:19.0234 2388 cbidf2k - ok
20:23:19.0265 2388 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:23:19.0359 2388 CCDECODE - ok
20:23:19.0453 2388 cd20xrnt - ok
20:23:19.0500 2388 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:23:19.0640 2388 Cdaudio - ok
20:23:19.0843 2388 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:23:19.0984 2388 Cdfs - ok
20:23:20.0265 2388 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:23:20.0312 2388 Cdrom - ok
20:23:20.0328 2388 Changer - ok
20:23:20.0562 2388 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:23:20.0765 2388 CmBatt - ok
20:23:20.0843 2388 CmdIde - ok
20:23:20.0859 2388 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:23:21.0046 2388 Compbatt - ok
20:23:21.0234 2388 Cpqarray - ok
20:23:21.0312 2388 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
20:23:21.0328 2388 CVirtA - ok
20:23:21.0343 2388 dac2w2k - ok
20:23:21.0359 2388 dac960nt - ok
20:23:21.0453 2388 DIFMBUS (3a3b89d0b10a24cc031f98d2afdca5ce) C:\WINDOWS\system32\DRIVERS\DIFMBUS.sys
20:23:21.0453 2388 DIFMBUS - ok
20:23:21.0484 2388 DIFMCVsp (2ac5571844e89e2acfee99a79eb7dab9) C:\WINDOWS\system32\DRIVERS\DIFMCVsp.sys
20:23:21.0484 2388 DIFMCVsp - ok
20:23:21.0515 2388 DIFMMdm (daa170e853a84d01516a75de8b96ac9a) C:\WINDOWS\system32\DRIVERS\DIFMMdm.sys
20:23:21.0515 2388 DIFMMdm - ok
20:23:21.0531 2388 DIFMNET (d1563cf53d3347a40d548f2b7c209d9f) C:\WINDOWS\system32\DRIVERS\DIFMNET.sys
20:23:21.0546 2388 DIFMNET - ok
20:23:21.0546 2388 DIFMNVsp (6f847c47daf9ab1cc06e85778877ff0c) C:\WINDOWS\system32\DRIVERS\DIFMNVsp.sys
20:23:21.0562 2388 DIFMNVsp - ok
20:23:21.0578 2388 DIFMVsp (d1a8366667c084c23673707d7af0dc3d) C:\WINDOWS\system32\DRIVERS\DIFMVsp.sys
20:23:21.0578 2388 DIFMVsp - ok
20:23:21.0671 2388 DIGIRPS (a262c2201d8b8840b84b6713428cd2a6) C:\WINDOWS\system32\DRIVERS\digirlpt.sys
20:23:21.0687 2388 DIGIRPS - ok
20:23:21.0781 2388 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:23:21.0984 2388 Disk - ok
20:23:22.0125 2388 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:23:22.0250 2388 dmboot - ok
20:23:22.0437 2388 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:23:22.0546 2388 dmio - ok
20:23:22.0671 2388 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:23:22.0765 2388 dmload - ok
20:23:23.0062 2388 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:23:23.0218 2388 DMusic - ok
20:23:23.0375 2388 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
20:23:23.0406 2388 DNE - ok
20:23:23.0421 2388 dpti2o - ok
20:23:23.0578 2388 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:23:23.0703 2388 drmkaud - ok
20:23:23.0906 2388 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
20:23:23.0953 2388 dsNcAdpt - ok
20:23:24.0250 2388 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:23:24.0265 2388 eeCtrl - ok
20:23:24.0500 2388 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:23:24.0640 2388 Fastfat - ok
20:23:24.0828 2388 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:23:24.0953 2388 Fdc - ok
20:23:25.0140 2388 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:23:25.0281 2388 Fips - ok
20:23:25.0515 2388 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:23:25.0625 2388 Flpydisk - ok
20:23:25.0718 2388 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:23:25.0843 2388 FltMgr - ok
20:23:25.0906 2388 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:23:26.0000 2388 Fs_Rec - ok
20:23:26.0218 2388 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:23:26.0359 2388 Ftdisk - ok
20:23:26.0546 2388 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:23:26.0687 2388 Gpc - ok
20:23:26.0953 2388 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
20:23:26.0953 2388 guardian2 - ok
20:23:27.0062 2388 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:23:27.0203 2388 HDAudBus - ok
20:23:27.0406 2388 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:23:27.0531 2388 HidUsb - ok
20:23:27.0718 2388 hpn - ok
20:23:27.0859 2388 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
20:23:27.0937 2388 HSF_DPV - ok
20:23:27.0984 2388 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
20:23:28.0046 2388 HSXHWAZL - ok
20:23:28.0093 2388 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:23:28.0156 2388 HTTP - ok
20:23:28.0218 2388 i2omgmt - ok
20:23:28.0234 2388 i2omp - ok
20:23:28.0421 2388 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:23:28.0562 2388 i8042prt - ok
20:23:29.0046 2388 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:23:29.0312 2388 ialm - ok
20:23:29.0406 2388 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:23:29.0500 2388 Imapi - ok
20:23:29.0593 2388 ini910u - ok
20:23:29.0640 2388 IntelIde - ok
20:23:29.0750 2388 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:23:29.0843 2388 intelppm - ok
20:23:29.0937 2388 io.sys (5e333b8c20fb4a48c8ca3cf3489cd235) C:\WINDOWS\system32\drivers\io.sys
20:23:29.0953 2388 io.sys ( UnsignedFile.Multi.Generic ) - warning
20:23:29.0953 2388 io.sys - detected UnsignedFile.Multi.Generic (1)
20:23:30.0000 2388 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:23:30.0109 2388 Ip6Fw - ok
20:23:30.0234 2388 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:23:30.0359 2388 IpFilterDriver - ok
20:23:30.0625 2388 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:23:30.0734 2388 IpInIp - ok
20:23:30.0843 2388 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:23:30.0984 2388 IpNat - ok
20:23:31.0296 2388 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:23:31.0437 2388 IPSec - ok
20:23:31.0593 2388 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:23:31.0703 2388 IRENUM - ok
20:23:31.0968 2388 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:23:32.0109 2388 isapnp - ok
20:23:32.0203 2388 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:23:32.0343 2388 Kbdclass - ok
20:23:32.0640 2388 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:23:32.0734 2388 kmixer - ok
20:23:32.0906 2388 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:23:32.0968 2388 KSecDD - ok
20:23:33.0046 2388 lbrtfdc - ok
20:23:33.0250 2388 LMIInfo - ok
20:23:33.0390 2388 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
20:23:33.0406 2388 lmimirr - ok
20:23:33.0406 2388 LMIRfsClientNP - ok
20:23:33.0500 2388 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
20:23:33.0500 2388 LMIRfsDriver - ok
20:23:33.0578 2388 luldr09e (1afb379d8273db0083ad0bfef3ba43db) C:\WINDOWS\system32\Drivers\luldr09e.sys
20:23:33.0609 2388 luldr09e ( UnsignedFile.Multi.Generic ) - warning
20:23:33.0609 2388 luldr09e - detected UnsignedFile.Multi.Generic (1)
20:23:33.0765 2388 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:23:33.0812 2388 mdmxsdk - ok
20:23:33.0937 2388 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:23:34.0109 2388 mnmdd - ok
20:23:34.0281 2388 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:23:34.0484 2388 Modem - ok
20:23:34.0562 2388 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:23:34.0687 2388 Mouclass - ok
20:23:34.0828 2388 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:23:34.0953 2388 mouhid - ok
20:23:35.0250 2388 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:23:35.0343 2388 MountMgr - ok
20:23:35.0546 2388 mraid35x - ok
20:23:35.0765 2388 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:23:35.0906 2388 MRxDAV - ok
20:23:35.0984 2388 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:23:36.0031 2388 MRxSmb - ok
20:23:36.0109 2388 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:23:36.0250 2388 Msfs - ok
20:23:36.0281 2388 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:23:36.0375 2388 MSKSSRV - ok
20:23:36.0640 2388 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:23:36.0734 2388 MSPCLOCK - ok
20:23:37.0000 2388 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:23:37.0125 2388 MSPQM - ok
20:23:37.0156 2388 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:23:37.0250 2388 mssmbios - ok
20:23:37.0312 2388 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:23:37.0421 2388 MSTEE - ok
20:23:37.0609 2388 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
20:23:37.0703 2388 Mup - ok
20:23:37.0781 2388 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:23:37.0890 2388 NABTSFEC - ok
20:23:38.0234 2388 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:23:38.0375 2388 NDIS - ok
20:23:38.0453 2388 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:23:38.0562 2388 NdisIP - ok
20:23:38.0640 2388 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:23:38.0765 2388 NdisTapi - ok
20:23:38.0875 2388 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:23:39.0015 2388 Ndisuio - ok
20:23:39.0078 2388 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:23:39.0218 2388 NdisWan - ok
20:23:39.0453 2388 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
20:23:39.0578 2388 NDProxy - ok
20:23:39.0687 2388 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:23:39.0812 2388 NetBIOS - ok
20:23:40.0109 2388 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:23:40.0234 2388 NetBT - ok
20:23:40.0390 2388 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
20:23:40.0515 2388 nm - ok
20:23:40.0718 2388 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\WINDOWS\system32\DRIVERS\pctnullport.sys
20:23:40.0734 2388 Nmea - ok
20:23:40.0796 2388 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
20:23:40.0796 2388 NPF - ok
20:23:40.0875 2388 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:23:41.0000 2388 Npfs - ok
20:23:41.0156 2388 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
20:23:41.0187 2388 NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning
20:23:41.0187 2388 NSNDIS5 - detected UnsignedFile.Multi.Generic (1)
20:23:41.0265 2388 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:23:41.0375 2388 Ntfs - ok
20:23:41.0453 2388 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:23:41.0578 2388 Null - ok
20:23:41.0765 2388 NWADI (93213c7ec08e01e37a935bf144e75df6) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
20:23:41.0812 2388 NWADI - ok
20:23:41.0843 2388 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:23:41.0953 2388 NwlnkFlt - ok
20:23:42.0046 2388 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:23:42.0156 2388 NwlnkFwd - ok
20:23:42.0437 2388 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:23:42.0562 2388 Parport - ok
20:23:42.0671 2388 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:23:42.0812 2388 PartMgr - ok
20:23:43.0046 2388 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:23:43.0156 2388 ParVdm - ok
20:23:43.0312 2388 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
20:23:43.0312 2388 PCASp50 - ok
20:23:43.0453 2388 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:23:43.0593 2388 PCI - ok
20:23:43.0687 2388 PCIDump - ok
20:23:43.0796 2388 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:23:43.0937 2388 PCIIde - ok
20:23:44.0015 2388 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:23:44.0140 2388 Pcmcia - ok
20:23:44.0296 2388 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
20:23:44.0312 2388 PCTINDIS5 - ok
20:23:44.0375 2388 PDCOMP - ok
20:23:44.0390 2388 PDFRAME - ok
20:23:44.0406 2388 PDRELI - ok
20:23:44.0500 2388 PDRFRAME - ok
20:23:44.0609 2388 perc2 - ok
20:23:44.0718 2388 perc2hib - ok
20:23:44.0937 2388 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:23:45.0093 2388 PptpMiniport - ok
20:23:45.0203 2388 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:23:45.0343 2388 PSched - ok
20:23:45.0515 2388 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:23:45.0656 2388 Ptilink - ok
20:23:45.0718 2388 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:23:45.0734 2388 PxHelp20 - ok
20:23:45.0750 2388 ql1080 - ok
20:23:45.0750 2388 Ql10wnt - ok
20:23:45.0781 2388 ql12160 - ok
20:23:45.0796 2388 ql1240 - ok
20:23:45.0812 2388 ql1280 - ok
20:23:45.0828 2388 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:23:45.0968 2388 RasAcd - ok
20:23:46.0156 2388 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:23:46.0296 2388 Rasl2tp - ok
20:23:46.0375 2388 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:23:46.0484 2388 RasPppoe - ok
20:23:46.0671 2388 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:23:46.0812 2388 Raspti - ok
20:23:47.0000 2388 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:23:47.0171 2388 Rdbss - ok
20:23:47.0343 2388 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:23:47.0468 2388 RDPCDD - ok
20:23:47.0796 2388 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:23:47.0953 2388 rdpdr - ok
20:23:48.0218 2388 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
20:23:48.0390 2388 RDPWD - ok
20:23:48.0578 2388 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:23:48.0781 2388 redbook - ok
20:23:49.0000 2388 RimUsb - ok
20:23:49.0046 2388 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:23:49.0062 2388 RimVSerPort - ok
20:23:49.0171 2388 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:23:49.0359 2388 ROOTMODEM - ok
20:23:49.0531 2388 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:23:49.0640 2388 Secdrv - ok
20:23:49.0781 2388 ser2plms (227df2e68510d25462ee80136722374e) C:\WINDOWS\system32\DRIVERS\ser2plms.sys
20:23:49.0828 2388 ser2plms - ok
20:23:50.0046 2388 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:23:50.0250 2388 serenum - ok
20:23:50.0406 2388 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:23:50.0515 2388 Serial - ok
20:23:50.0765 2388 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:23:50.0937 2388 Sfloppy - ok
20:23:51.0046 2388 Simbad - ok
20:23:51.0187 2388 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:23:51.0375 2388 SLIP - ok
20:23:51.0687 2388 SNPSTD3 (11bb0e11d42cc3a43d741d9b30839be1) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
20:23:52.0250 2388 SNPSTD3 - ok
20:23:52.0437 2388 Sparrow - ok
20:23:52.0546 2388 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:23:52.0734 2388 splitter - ok
20:23:52.0875 2388 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:23:53.0000 2388 sr - ok
20:23:53.0234 2388 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
20:23:53.0250 2388 Srv - ok
20:23:53.0421 2388 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
20:23:53.0515 2388 STHDA - ok
20:23:53.0734 2388 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:23:53.0906 2388 streamip - ok
20:23:54.0203 2388 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:23:54.0343 2388 swenum - ok
20:23:54.0484 2388 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:23:54.0640 2388 swmidi - ok
20:23:54.0812 2388 symc810 - ok
20:23:54.0812 2388 symc8xx - ok
20:23:54.0828 2388 sym_hi - ok
20:23:54.0843 2388 sym_u3 - ok
20:23:54.0921 2388 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:23:55.0093 2388 sysaudio - ok
20:23:55.0187 2388 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:23:55.0296 2388 Tcpip - ok
20:23:55.0406 2388 tcpipBM (4bed0c7fdf414d1bd26bf33ea673ca49) C:\WINDOWS\system32\drivers\tcpipBM.sys
20:23:55.0453 2388 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
20:23:55.0453 2388 tcpipBM - detected UnsignedFile.Multi.Generic (1)
20:23:55.0531 2388 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\WINDOWS\system32\Drivers\tcusb.sys
20:23:55.0546 2388 TcUsb - ok
20:23:55.0625 2388 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:23:55.0812 2388 TDPIPE - ok
20:23:55.0968 2388 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:23:56.0156 2388 TDTCP - ok
20:23:56.0250 2388 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:23:56.0390 2388 TermDD - ok
20:23:56.0578 2388 TosIde - ok
20:23:56.0687 2388 uDART01 (5870d22eac314ca4d206b49d76869eae) C:\WINDOWS\system32\Drivers\sftdrv01.sys
20:23:56.0734 2388 uDART01 ( UnsignedFile.Multi.Generic ) - warning
20:23:56.0734 2388 uDART01 - detected UnsignedFile.Multi.Generic (1)
20:23:56.0812 2388 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:23:56.0953 2388 Udfs - ok
20:23:56.0968 2388 ultra - ok
20:23:57.0046 2388 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:23:57.0187 2388 Update - ok
20:23:57.0328 2388 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:23:57.0453 2388 usbaudio - ok
20:23:57.0656 2388 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:23:57.0796 2388 usbccgp - ok
20:23:57.0984 2388 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:23:58.0125 2388 usbehci - ok
20:23:58.0171 2388 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:23:58.0312 2388 usbhub - ok
20:23:58.0562 2388 USBLucam09e (1aca937fcc18b772b113915336045e5d) C:\WINDOWS\system32\Drivers\lucam09e.sys
20:23:58.0578 2388 USBLucam09e ( UnsignedFile.Multi.Generic ) - warning
20:23:58.0593 2388 USBLucam09e - detected UnsignedFile.Multi.Generic (1)
20:23:58.0640 2388 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:23:58.0781 2388 usbprint - ok
20:23:58.0812 2388 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:23:58.0921 2388 usbscan - ok
20:23:59.0015 2388 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:23:59.0140 2388 USBSTOR - ok
20:23:59.0250 2388 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:23:59.0390 2388 usbuhci - ok
20:23:59.0578 2388 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:23:59.0750 2388 usbvideo - ok
20:24:00.0031 2388 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:24:00.0171 2388 VgaSave - ok
20:24:00.0250 2388 ViaIde - ok
20:24:00.0468 2388 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:24:00.0656 2388 VolSnap - ok
20:24:00.0921 2388 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:24:01.0062 2388 Wanarp - ok
20:24:01.0140 2388 WDICA - ok
20:24:01.0359 2388 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:24:01.0484 2388 wdmaud - ok
20:24:01.0734 2388 wg111nd5 (5dc04e2badf701d7a9d00365b623df2f) C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
20:24:01.0750 2388 wg111nd5 - ok
20:24:01.0859 2388 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
20:24:01.0875 2388 winachsf - ok
20:24:02.0000 2388 WinDriver6 (2600134fedad80c7a363b3a467015a7f) C:\WINDOWS\system32\drivers\windrvr6.sys
20:24:02.0062 2388 WinDriver6 ( UnsignedFile.Multi.Generic ) - warning
20:24:02.0062 2388 WinDriver6 - detected UnsignedFile.Multi.Generic (1)
20:24:02.0156 2388 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:24:02.0250 2388 WmiAcpi - ok
20:24:02.0343 2388 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:24:02.0484 2388 WS2IFSL - ok
20:24:02.0640 2388 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:24:02.0750 2388 WSTCODEC - ok
20:24:02.0921 2388 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:24:02.0968 2388 WudfPf - ok
20:24:03.0078 2388 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:24:03.0109 2388 WudfRd - ok
20:24:03.0156 2388 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:24:03.0421 2388 \Device\Harddisk0\DR0 - ok
20:24:03.0453 2388 Boot (0x1200) (cdc6877f5e0eb8bec16a59869b38da04) \Device\Harddisk0\DR0\Partition0
20:24:03.0453 2388 \Device\Harddisk0\DR0\Partition0 - ok
20:24:03.0468 2388 Boot (0x1200) (3a2708bec7c4f594141ccf139a9ccb3a) \Device\Harddisk1\DR1\Partition0
20:24:03.0468 2388 \Device\Harddisk1\DR1\Partition0 - ok
20:24:03.0468 2388 ============================================================
20:24:03.0468 2388 Scan finished
20:24:03.0468 2388 ============================================================
20:24:03.0484 4044 Detected object count: 9
20:24:03.0484 4044 Actual detected object count: 9
20:25:19.0031 4044 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:19.0031 4044 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:19.0031 4044 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:19.0031 4044 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:19.0031 4044 io.sys ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:19.0031 4044 io.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:19.0031 4044 luldr09e ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:19.0031 4044 luldr09e ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:19.0046 4044 NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:19.0046 4044 NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:19.0046 4044 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:19.0046 4044 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:19.0046 4044 uDART01 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:19.0046 4044 uDART01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:19.0046 4044 USBLucam09e ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:19.0046 4044 USBLucam09e ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:19.0046 4044 WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:19.0046 4044 WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip


What next? Karl
  • 0

#9
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi Karl,

Looking good so far. Before you do much surfing you need to get a firewall and antivirus installed to stop reinfection. On my XP system I use ZoneAlarm along with Avast antivirus but the choice is yours. I've got a few options.

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online Armor is a more advanced firewall which includes a Host Intrusion Protection System (HIPS).
Comodo is a combined firewall and anti-virus.
Or you could just use the Windows firewall: just go to Control Panel, double click on Windows Firewall and select On.



It is essential that you have an antivirus program installed on your computer. An Anti-Virus program protects your computer from many common viruses and trojans which can be deadly for your system. The following antivirus programs are free for personal use. Do not install more than one antivirus.

Avast
AVG
Avira Free


After you've installed one of each of the above see if you are still suffering redirects and let me know.

Steve.
  • 0

#10
mkarl1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Steve, seems to be working well. Thank you for the help. Karl
  • 0

#11
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi Karl,

Just a couple of scans to go to check for leftovers.


Step 1:

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

#12
mkarl1 (Topic Starter, Member, 10 posts)
Here is the malwarebytes log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8249

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/26/2011 12:42:08 PM
mbam-log-2011-11-26 (12-42-01).txt

Scan type: Quick scan
Objects scanned: 220782
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Affiliate.Downloader) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\kmatheson\my documents\downloads\Setup.exe (Affiliate.Downloader) -> No action taken.
c:\documents and settings\kmatheson\my documents\downloads\televisionfanatic.exe (Adware.FunWeb) -> No action taken.
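Not part of the thread: an added Python example that parses a Malwarebytes log in the layout posted above and flags every entry still marked "No action taken", which means Remove Selected was not pressed and the items are still present. The sample log and its paths are constructed for the example.

```python
import re

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.51 log
# (abridged; placeholder paths, not the ones posted in the thread).
SAMPLE_MBAM_LOG = """\
Malwarebytes' Anti-Malware 1.51.2.1300
Scan type: Quick scan

Registry Keys Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Example\\Key (Affiliate.Downloader) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\\example\\downloads\\Setup.exe (Affiliate.Downloader) -> No action taken.
c:\\example\\downloads\\other.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary, detections): summary maps each section name to the count
    declared in the header block; detections lists every item line found."""
    summary, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
        elif line.endswith(" Infected:"):        # start of a detail section
            section = line[:-1]
        else:
            m = ITEM_RE.match(line)
            if m and section:
                detections.append({"section": section, **m.groupdict()})
    return summary, detections

def unresolved_detections(text):
    """Items reported as 'No action taken': Remove Selected was never pressed,
    so these are still present on disk or in the registry."""
    return [d for d in parse_mbam_log(text)[1]
            if d["action"].startswith("No action taken")]
```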

#13
mkarl1 (Topic Starter, Member, 10 posts)
Here is the eset log file.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9b53234339fd554fbd4ecb2f905ef49e
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-26 10:01:05
# local_time=2011-11-26 03:01:05 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 333893 333893 0 0
# compatibility_mode=5891 16776533 42 87 0 19094310 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=65385
# found=0
# cleaned=0
# scan_time=6225
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9b53234339fd554fbd4ecb2f905ef49e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-26 11:47:25
# local_time=2011-11-26 04:47:25 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 340402 340402 0 0
# compatibility_mode=5891 16776533 42 87 0 19100819 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=199370
# found=1
# cleaned=1
# scan_time=6096
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\serial.sys.vir a variant of Win32/Rootkit.Kryptik.FJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
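Not part of the thread: an added Python example that splits an ESET Online Scanner log in the layout posted above into its separate runs, reports which run actually finished, whether found and cleaned agree, any updater errors, and which detections already sit inside ComboFix's Qoobox quarantine. The sample log, threat name and hash are constructed for the example.

```python
import re

# Constructed sample in the layout of an ESET Online Scanner log: two runs, the
# first interrupted, the second finished with one detection. The hash value is
# a placeholder, not the one posted in the thread.
SAMPLE_ESET_LOG = """\
ESETSmartInstaller@High as downloader log:
# end=stopped
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
esets_scanner_update returned -1 esets_gle=53251
# end=finished
# found=1
# cleaned=1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\Drivers\\example.sys.vir a variant of Win32/Example.Trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

RUN_HEADER = "ESETSmartInstaller@High as downloader log:"
DETECTION_RE = re.compile(
    r"^(?P<path>\S+) (?P<threat>.+?) \((?P<action>[^()]+)\) (?P<hash>[0-9a-fA-F]{32}) \S+$")
QUARANTINE_DIR = "\\qoobox\\quarantine\\"  # ComboFix's quarantine folder, lower-cased

def parse_eset_log(text):
    """Split the log into runs of '# key=value' fields, updater errors and detections."""
    runs = []
    for line in (l.strip() for l in text.splitlines()):
        if line == RUN_HEADER:
            runs.append({"detections": [], "errors": []})
        elif not runs or not line:
            continue
        elif line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            runs[-1][key] = value
        elif line.startswith("esets_"):          # e.g. a failed signature update
            runs[-1]["errors"].append(line)
        elif DETECTION_RE.match(line):
            runs[-1]["detections"].append(DETECTION_RE.match(line).groupdict())
    return runs

def assess_runs(text):
    """Per run: finished?, found == cleaned?, updater errors, and detections that
    already sit in ComboFix's quarantine (contained by an earlier tool)."""
    return [{
        "finished": r.get("end") == "finished",
        "all_cleaned": int(r.get("found", 0)) == int(r.get("cleaned", 0)),
        "errors": r["errors"],
        "in_quarantine": [d["path"] for d in r["detections"]
                          if QUARANTINE_DIR in d["path"].lower()],
    } for r in parse_eset_log(text)]
```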

#14
Homburg (Trusted Helper, Malware Removal, 665 posts)
Hi Karl,

Your PC is now clean :thumbsup:

First we'll remove the tools that we've used then look at preventing getting infected again. It's important to remove the tools as it also removes the malware that we currently have quarantined.

Please do the following:

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

Follow these steps to uninstall Combofix
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall; it needs to be there.
  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



Next

Please delete any remaining logs from your desktop.


Windows Updates.
It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. I recommend that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.


JAVA updates.
Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.
  • Go to here and click Do I have Java
  • It will check your current version and then offer to update to the latest version

Click Start
Select Control Panel
Select Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

Adobe updates.
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. Older versions are susceptible to attack. You can download the latest reader and updates from here.

Run MalwareBytes to remove any malware that might slip the net and get through. I recommend that you run this at least once a week.

Download and install this update checker from filehippo. Run it once a month and it will highlight which of your programs need updating and also give you the download link.

To learn more about how to protect yourself while on the internet you might like to read this GeeksToGo article. This covers some of the safety measures that I've included and also some more.

Happy surfing and stay safe :happy:

#15
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.