Hi. Looks like this worked! The machine is running fine, with no pop-ups or infection warnings at all. Thanks a lot!
ComboFix 11-11-27.02 - Owner 11/27/2011 22:40:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2542 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\Owner\My Documents\qkmz.exe
c:\windows\$NtUninstallKB15841$
c:\windows\$NtUninstallKB15841$\1295872220\@
c:\windows\$NtUninstallKB15841$\1295872220\bckfg.tmp
c:\windows\$NtUninstallKB15841$\1295872220\cfg.ini
c:\windows\$NtUninstallKB15841$\1295872220\Desktop.ini
c:\windows\$NtUninstallKB15841$\1295872220\keywords
c:\windows\$NtUninstallKB15841$\1295872220\kwrd.dll
c:\windows\$NtUninstallKB15841$\1295872220\L\exeaatnd
c:\windows\$NtUninstallKB15841$\1295872220\lsflt7.ver
c:\windows\$NtUninstallKB15841$\1295872220\U\00000001.@
c:\windows\$NtUninstallKB15841$\1295872220\U\00000002.@
c:\windows\$NtUninstallKB15841$\1295872220\U\00000004.@
c:\windows\$NtUninstallKB15841$\1295872220\U\80000000.@
c:\windows\$NtUninstallKB15841$\1295872220\U\80000004.@
c:\windows\$NtUninstallKB15841$\1295872220\U\80000032.@
c:\windows\$NtUninstallKB15841$\3428543732
c:\windows\CSC\d6
c:\windows\system32\Branded.scr
c:\windows\system32\Branded.scr.manifest
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 03:47 . 2011-11-28 03:47 -------- d-----w- c:\windows\system32\xircom
2011-11-28 03:47 . 2011-11-28 03:47 -------- d-----w- c:\windows\system32\wbem\snmp
2011-11-28 03:47 . 2011-11-28 03:47 -------- d-----w- c:\windows\system32\oobe
2011-11-28 03:47 . 2011-11-28 03:47 -------- d-----w- c:\windows\srchasst
2011-11-28 03:47 . 2011-11-28 03:47 -------- d-----w- c:\program files\microsoft frontpage
2011-11-28 03:38 . 2008-08-14 09:48 138368 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-27 21:11 . 2011-11-27 21:11 1409 ----a-w- c:\windows\QTFont.for
2011-11-21 17:14 . 2011-11-21 17:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-11-21 17:14 . 2011-11-21 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-21 17:14 . 2011-11-21 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-21 17:14 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 08:30 . 2011-11-21 08:30 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-21 08:26 . 2011-11-21 08:26 -------- d-----w- c:\documents and settings\Owner\Application Data\080ED
2011-11-17 05:13 . 2011-11-17 05:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Emqiecc
2011-11-17 05:13 . 2011-11-17 05:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahoguc
2011-11-06 05:47 . 2011-11-06 05:47 -------- d-----w- c:\program files\Common Files\Steam
2011-11-06 05:47 . 2011-11-28 03:47 -------- d-----w- c:\program files\Steam
2011-11-02 02:30 . 2011-11-02 02:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-11-01 23:43 . 2011-11-09 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2011-11-01 07:33 . 2004-10-22 06:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-11-01 07:33 . 2004-10-22 06:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-11-01 07:33 . 2004-10-22 06:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-11-01 07:33 . 2004-10-22 06:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-11-01 07:33 . 2004-10-22 06:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-11-01 07:33 . 2011-11-01 07:33 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-11-01 07:33 . 2011-11-01 07:33 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 06:41 . 2011-08-13 17:49 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-09-11 06:48 . 2011-09-11 06:48 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-11 06:48 . 2011-09-11 06:48 22328 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2011-09-11 06:47 . 2011-09-11 06:47 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-11 06:47 . 2011-09-11 06:47 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-09-11 06:47 . 2011-09-11 06:47 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-09-01 18:46 . 2011-08-13 05:23 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-09-01 18:46 . 2011-08-13 05:23 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-10-01 08:08 . 2011-08-13 14:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2007-05-02 . D66456C66D07A423F2E48C2526AE260C . 1422336 . . [6.00.2900.2180] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wscntfy.exe
.
c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2010-09-28 6046960]
"SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-08-29 79872]
"Steam"="c:\program files\Steam\Steam.exe" [2011-11-06 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-06 280779]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2010-05-04 124928]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Reality Pump\\Two Worlds II\\TwoWorlds2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Program Files\\Steam\\steamapps\\fulkramick\\team fortress 2\\hl2.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8/12/2011 8:34 PM 218688]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 12:33 AM 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 4:33 AM 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 27216]
S2 intelusb3;Intel USB3 Device Service;c:\windows\System32\svchost.exe -k intelusbs3 [8/12/2004 1:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
intelusbs3 REG_MULTI_SZ intelusb3
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.22ndstreetcomputers.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\4wvks9ua.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-intelsusb - ntusbw32.dll
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-11-27 22:48
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1616)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG10\avgnsx.exe
.
**************************************************************************
.
Completion time: 2011-11-27 22:50:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 03:50
.
Pre-Run: 88,247,775,232 bytes free
Post-Run: 88,629,399,552 bytes free
.
- - End Of File - - 56410D62738E77CED460DF270EE58036
22:53:08.0015 2844 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
22:53:10.0015 2844 ============================================================
22:53:10.0015 2844 Current date / time: 2011/11/27 22:53:10.0015
22:53:10.0015 2844 SystemInfo:
22:53:10.0015 2844
22:53:10.0015 2844 OS Version: 5.1.2600 ServicePack: 2.0
22:53:10.0015 2844 Product type: Workstation
22:53:10.0015 2844 ComputerName: 22NDSTRE-939DCE
22:53:10.0015 2844 UserName: Owner
22:53:10.0015 2844 Windows directory: C:\WINDOWS
22:53:10.0015 2844 System windows directory: C:\WINDOWS
22:53:10.0015 2844 Processor architecture: Intel x86
22:53:10.0015 2844 Number of processors: 1
22:53:10.0015 2844 Page size: 0x1000
22:53:10.0015 2844 Boot type: Normal boot
22:53:10.0015 2844 ============================================================
22:53:10.0328 2844 Initialize success
22:54:18.0000 3680 ============================================================
22:54:18.0000 3680 Scan started
22:54:18.0000 3680 Mode: Manual; SigCheck; TDLFS;
22:54:18.0000 3680 ============================================================
22:54:18.0156 3680 Abiosdsk - ok
22:54:18.0171 3680 abp480n5 - ok
22:54:18.0250 3680 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:54:18.0500 3680 ACPI - ok
22:54:18.0515 3680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:54:18.0656 3680 ACPIEC - ok
22:54:18.0671 3680 adpu160m - ok
22:54:18.0703 3680 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
22:54:19.0046 3680 aec - ok
22:54:19.0062 3680 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
22:54:19.0109 3680 AFD - ok
22:54:19.0125 3680 Aha154x - ok
22:54:19.0125 3680 aic78u2 - ok
22:54:19.0140 3680 aic78xx - ok
22:54:19.0156 3680 AliIde - ok
22:54:19.0171 3680 amsint - ok
22:54:19.0187 3680 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:54:19.0328 3680 Arp1394 - ok
22:54:19.0343 3680 asc - ok
22:54:19.0359 3680 asc3350p - ok
22:54:19.0375 3680 asc3550 - ok
22:54:19.0406 3680 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:54:19.0531 3680 AsyncMac - ok
22:54:19.0546 3680 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:54:19.0671 3680 atapi - ok
22:54:19.0687 3680 Atdisk - ok
22:54:19.0734 3680 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
22:54:19.0781 3680 atksgt - ok
22:54:19.0796 3680 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:54:19.0937 3680 Atmarpc - ok
22:54:19.0984 3680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:54:20.0109 3680 audstub - ok
22:54:20.0156 3680 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:54:20.0171 3680 AVGIDSDriver - ok
22:54:20.0187 3680 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:54:20.0203 3680 AVGIDSEH - ok
22:54:20.0218 3680 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:54:20.0234 3680 AVGIDSFilter - ok
22:54:20.0234 3680 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:54:20.0250 3680 AVGIDSShim - ok
22:54:20.0265 3680 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:54:20.0281 3680 Avgldx86 - ok
22:54:20.0296 3680 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:54:20.0312 3680 Avgmfx86 - ok
22:54:20.0328 3680 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:54:20.0343 3680 Avgrkx86 - ok
22:54:20.0390 3680 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:54:20.0437 3680 Avgtdix - ok
22:54:20.0484 3680 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:54:20.0531 3680 b57w2k - ok
22:54:20.0546 3680 Beep - ok
22:54:20.0546 3680 catchme - ok
22:54:20.0578 3680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:54:20.0718 3680 cbidf2k - ok
22:54:20.0734 3680 cd20xrnt - ok
22:54:20.0765 3680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:54:20.0906 3680 Cdaudio - ok
22:54:20.0937 3680 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
22:54:21.0078 3680 Cdfs - ok
22:54:21.0109 3680 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:54:21.0250 3680 Cdrom - ok
22:54:21.0265 3680 Changer - ok
22:54:21.0281 3680 CmdIde - ok
22:54:21.0312 3680 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
22:54:21.0312 3680 COMMONFX.DLL - ok
22:54:21.0328 3680 Cpqarray - ok
22:54:21.0359 3680 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
22:54:21.0406 3680 CT20XUT.DLL - ok
22:54:21.0437 3680 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
22:54:21.0453 3680 ctac32k - ok
22:54:21.0484 3680 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
22:54:21.0515 3680 ctaud2k - ok
22:54:21.0546 3680 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
22:54:21.0593 3680 CTAUDFX.DLL - ok
22:54:21.0625 3680 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
22:54:21.0656 3680 ctdvda2k - ok
22:54:21.0671 3680 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
22:54:21.0703 3680 CTEAPSFX.DLL - ok
22:54:21.0718 3680 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
22:54:21.0781 3680 CTEDSPFX.DLL - ok
22:54:21.0812 3680 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
22:54:21.0843 3680 CTEDSPIO.DLL - ok
22:54:21.0875 3680 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
22:54:21.0906 3680 CTEDSPSY.DLL - ok
22:54:21.0921 3680 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
22:54:21.0953 3680 CTERFXFX.DLL - ok
22:54:21.0984 3680 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
22:54:22.0062 3680 CTEXFIFX.DLL - ok
22:54:22.0093 3680 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
22:54:22.0125 3680 CTHWIUT.DLL - ok
22:54:22.0140 3680 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
22:54:22.0140 3680 ctprxy2k - ok
22:54:22.0187 3680 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
22:54:22.0218 3680 CTSBLFX.DLL - ok
22:54:22.0250 3680 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
22:54:22.0265 3680 ctsfm2k - ok
22:54:22.0281 3680 dac2w2k - ok
22:54:22.0296 3680 dac960nt - ok
22:54:22.0328 3680 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
22:54:22.0468 3680 Disk - ok
22:54:22.0562 3680 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
22:54:22.0734 3680 dmboot - ok
22:54:22.0750 3680 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
22:54:22.0890 3680 dmio - ok
22:54:22.0890 3680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:54:23.0046 3680 dmload - ok
22:54:23.0062 3680 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
22:54:23.0203 3680 DMusic - ok
22:54:23.0218 3680 dpti2o - ok
22:54:23.0234 3680 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
22:54:23.0375 3680 drmkaud - ok
22:54:23.0406 3680 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
22:54:23.0421 3680 dtsoftbus01 - ok
22:54:23.0437 3680 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
22:54:23.0453 3680 emupia - ok
22:54:23.0484 3680 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
22:54:23.0625 3680 Fastfat - ok
22:54:23.0656 3680 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:54:23.0796 3680 Fdc - ok
22:54:23.0812 3680 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
22:54:23.0953 3680 Fips - ok
22:54:23.0968 3680 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:54:24.0109 3680 Flpydisk - ok
22:54:24.0156 3680 FltMgr (5a85cd3d07273e3f6fe72ee9c6431632) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:54:24.0515 3680 FltMgr - ok
22:54:24.0531 3680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:54:24.0656 3680 Fs_Rec - ok
22:54:24.0718 3680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:54:24.0890 3680 Ftdisk - ok
22:54:24.0921 3680 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
22:54:25.0062 3680 gameenum - ok
22:54:25.0078 3680 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:54:25.0218 3680 Gpc - ok
22:54:25.0265 3680 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
22:54:25.0296 3680 ha10kx2k - ok
22:54:25.0328 3680 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
22:54:25.0343 3680 hap16v2k - ok
22:54:25.0375 3680 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
22:54:25.0390 3680 hap17v2k - ok
22:54:25.0421 3680 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:54:25.0546 3680 hidusb - ok
22:54:25.0562 3680 hpn - ok
22:54:25.0593 3680 HTTP (261bf53e1d1c21f04b4e748a6ed3d055) C:\WINDOWS\system32\Drivers\HTTP.sys
22:54:25.0656 3680 HTTP - ok
22:54:25.0671 3680 i2omgmt - ok
22:54:25.0671 3680 i2omp - ok
22:54:25.0703 3680 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:54:25.0843 3680 i8042prt - ok
22:54:25.0890 3680 iastor (f26bfd48b1c314e0f23bf77acfa75940) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:54:25.0953 3680 iastor - ok
22:54:25.0968 3680 Imapi (12c59b8929121ace2f55acc86682cf12) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:54:26.0328 3680 Imapi - ok
22:54:26.0343 3680 ini910u - ok
22:54:26.0359 3680 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:54:26.0500 3680 IntelIde - ok
22:54:26.0531 3680 intelppm (db8a1859cf9e48914dcc0a7206d87be5) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:54:26.0890 3680 intelppm - ok
22:54:26.0968 3680 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:54:27.0140 3680 Ip6Fw - ok
22:54:27.0171 3680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:54:27.0312 3680 IpFilterDriver - ok
22:54:27.0328 3680 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:54:27.0468 3680 IpInIp - ok
22:54:27.0484 3680 IpNat (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:54:27.0875 3680 IpNat - ok
22:54:27.0906 3680 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:54:28.0046 3680 IPSec - ok
22:54:28.0062 3680 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:54:28.0156 3680 IRENUM - ok
22:54:28.0171 3680 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:54:28.0312 3680 isapnp - ok
22:54:28.0328 3680 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:54:28.0468 3680 Kbdclass - ok
22:54:28.0484 3680 kmixer (8531438246ce9474e41ee1599904c0c7) C:\WINDOWS\system32\drivers\kmixer.sys
22:54:28.0875 3680 kmixer - ok
22:54:28.0906 3680 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
22:54:28.0937 3680 KSecDD - ok
22:54:28.0953 3680 lbrtfdc - ok
22:54:29.0000 3680 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
22:54:29.0015 3680 lirsgt - ok
22:54:29.0031 3680 mcdbus - ok
22:54:29.0062 3680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:54:29.0187 3680 mnmdd - ok
22:54:29.0250 3680 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
22:54:29.0437 3680 Modem - ok
22:54:29.0468 3680 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:54:29.0593 3680 Mouclass - ok
22:54:29.0625 3680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:54:29.0750 3680 mouhid - ok
22:54:29.0781 3680 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
22:54:29.0921 3680 MountMgr - ok
22:54:29.0937 3680 mraid35x - ok
22:54:29.0953 3680 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:54:30.0093 3680 MRxDAV - ok
22:54:30.0140 3680 MRxSmb (3500e756812e716351f2d341ae1d5623) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:54:30.0187 3680 MRxSmb - ok
22:54:30.0203 3680 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
22:54:30.0343 3680 Msfs - ok
22:54:30.0375 3680 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:54:30.0515 3680 MSKSSRV - ok
22:54:30.0546 3680 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:54:30.0703 3680 MSPCLOCK - ok
22:54:30.0734 3680 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
22:54:30.0875 3680 MSPQM - ok
22:54:30.0890 3680 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:54:31.0015 3680 mssmbios - ok
22:54:31.0031 3680 Mup (79a9c030299e8cc04f18d0765155d902) C:\WINDOWS\system32\drivers\Mup.sys
22:54:31.0406 3680 Mup - ok
22:54:31.0500 3680 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
22:54:31.0640 3680 NDIS - ok
22:54:31.0671 3680 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:54:31.0812 3680 NdisTapi - ok
22:54:31.0843 3680 Ndisuio (77d9bf86b912104c229d4f0d25be3c12) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:54:32.0234 3680 Ndisuio - ok
22:54:32.0250 3680 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:54:32.0375 3680 NdisWan - ok
22:54:32.0390 3680 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
22:54:32.0515 3680 NDProxy - ok
22:54:32.0531 3680 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:54:32.0671 3680 NetBIOS - ok
22:54:32.0703 3680 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:54:32.0859 3680 NetBT - ok
22:54:32.0890 3680 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:54:33.0015 3680 NIC1394 - ok
22:54:33.0031 3680 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
22:54:33.0171 3680 Npfs - ok
22:54:33.0203 3680 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
22:54:33.0359 3680 Ntfs - ok
22:54:33.0390 3680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:54:33.0515 3680 Null - ok
22:54:33.0703 3680 nv (f1de35c89d98a883d1b4030dc9896855) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:54:34.0203 3680 nv - ok
22:54:34.0234 3680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:54:34.0375 3680 NwlnkFlt - ok
22:54:34.0390 3680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:54:34.0531 3680 NwlnkFwd - ok
22:54:34.0546 3680 ohci1394 (fc128c3d7d5ad30a13742dc3737b9df7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:54:34.0921 3680 ohci1394 - ok
22:54:34.0953 3680 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
22:54:34.0968 3680 ossrv - ok
22:54:35.0000 3680 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
22:54:35.0140 3680 Parport - ok
22:54:35.0156 3680 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
22:54:35.0296 3680 PartMgr - ok
22:54:35.0312 3680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:54:35.0437 3680 ParVdm - ok
22:54:35.0453 3680 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
22:54:35.0609 3680 PCI - ok
22:54:35.0625 3680 PCIDump - ok
22:54:35.0640 3680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
22:54:35.0781 3680 PCIIde - ok
22:54:35.0796 3680 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:54:35.0937 3680 Pcmcia - ok
22:54:36.0000 3680 PDCOMP - ok
22:54:36.0031 3680 PDFRAME - ok
22:54:36.0062 3680 PDRELI - ok
22:54:36.0078 3680 PDRFRAME - ok
22:54:36.0093 3680 perc2 - ok
22:54:36.0093 3680 perc2hib - ok
22:54:36.0140 3680 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
22:54:36.0156 3680 pfc ( UnsignedFile.Multi.Generic ) - warning
22:54:36.0156 3680 pfc - detected UnsignedFile.Multi.Generic (1)
22:54:36.0203 3680 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:54:36.0328 3680 PptpMiniport - ok
22:54:36.0343 3680 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
22:54:36.0484 3680 PSched - ok
22:54:36.0500 3680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:54:36.0640 3680 Ptilink - ok
22:54:36.0640 3680 ql1080 - ok
22:54:36.0656 3680 Ql10wnt - ok
22:54:36.0671 3680 ql12160 - ok
22:54:36.0687 3680 ql1240 - ok
22:54:36.0687 3680 ql1280 - ok
22:54:36.0718 3680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:54:36.0875 3680 RasAcd - ok
22:54:36.0890 3680 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:54:37.0031 3680 Rasl2tp - ok
22:54:37.0046 3680 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:54:37.0187 3680 RasPppoe - ok
22:54:37.0203 3680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:54:37.0328 3680 Raspti - ok
22:54:37.0375 3680 Rdbss (b48441a6dc703ee4c36db14ee51a189c) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:54:37.0765 3680 Rdbss - ok
22:54:37.0796 3680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:54:37.0921 3680 RDPCDD - ok
22:54:37.0937 3680 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:54:38.0078 3680 rdpdr - ok
22:54:38.0109 3680 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
22:54:38.0500 3680 RDPWD - ok
22:54:38.0546 3680 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:54:38.0734 3680 redbook - ok
22:54:38.0781 3680 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
22:54:39.0156 3680 rspndr - ok
22:54:39.0203 3680 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:54:39.0218 3680 Secdrv ( UnsignedFile.Multi.Generic ) - warning
22:54:39.0218 3680 Secdrv - detected UnsignedFile.Multi.Generic (1)
22:54:39.0234 3680 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:54:39.0390 3680 serenum - ok
22:54:39.0390 3680 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
22:54:39.0531 3680 Serial - ok
22:54:39.0562 3680 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:54:39.0703 3680 Sfloppy - ok
22:54:39.0718 3680 Simbad - ok
22:54:39.0734 3680 Sparrow - ok
22:54:39.0765 3680 splitter (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys
22:54:40.0140 3680 splitter - ok
22:54:40.0187 3680 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
22:54:40.0265 3680 sr - ok
22:54:40.0312 3680 Srv (d4af9861c3b6a2163d26dc6b9cf05e2a) C:\WINDOWS\system32\DRIVERS\srv.sys
22:54:40.0359 3680 Srv - ok
22:54:40.0390 3680 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:54:40.0515 3680 swenum - ok
22:54:40.0546 3680 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
22:54:40.0687 3680 swmidi - ok
22:54:40.0703 3680 symc810 - ok
22:54:40.0718 3680 symc8xx - ok
22:54:40.0734 3680 sym_hi - ok
22:54:40.0750 3680 sym_u3 - ok
22:54:40.0765 3680 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
22:54:40.0906 3680 sysaudio - ok
22:54:40.0953 3680 Tcpip (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:54:41.0031 3680 Tcpip - ok
22:54:41.0062 3680 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:54:41.0187 3680 TDPIPE - ok
22:54:41.0250 3680 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:54:41.0421 3680 TDTCP - ok
22:54:41.0437 3680 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:54:41.0578 3680 TermDD - ok
22:54:41.0593 3680 TosIde - ok
22:54:41.0625 3680 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
22:54:41.0640 3680 TPkd ( UnsignedFile.Multi.Generic ) - warning
22:54:41.0640 3680 TPkd - detected UnsignedFile.Multi.Generic (1)
22:54:41.0671 3680 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:54:41.0812 3680 Udfs - ok
22:54:41.0828 3680 ultra - ok
22:54:41.0859 3680 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
22:54:42.0281 3680 Update - ok
22:54:42.0312 3680 usbehci (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:54:42.0687 3680 usbehci - ok
22:54:42.0703 3680 usbhub (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:54:43.0093 3680 usbhub - ok
22:54:43.0125 3680 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:54:43.0250 3680 USBSTOR - ok
22:54:43.0265 3680 usbuhci (0ee1925590ba1abec14254d54d9870f4) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:54:43.0640 3680 usbuhci - ok
22:54:43.0671 3680 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:54:43.0796 3680 VgaSave - ok
22:54:43.0843 3680 ViaIde - ok
22:54:43.0875 3680 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
22:54:44.0031 3680 VolSnap - ok
22:54:44.0062 3680 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:54:44.0218 3680 Wanarp - ok
22:54:44.0234 3680 WDICA - ok
22:54:44.0265 3680 wdmaud (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys
22:54:44.0671 3680 wdmaud - ok
22:54:44.0734 3680 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:54:44.0781 3680 WudfPf - ok
22:54:44.0781 3680 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:54:44.0812 3680 WudfRd - ok
22:54:44.0843 3680 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:54:44.0984 3680 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:54:44.0984 3680 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:54:44.0984 3680 Boot (0x1200) (e52b7c4644ed1bae164231c72dbf30d4) \Device\Harddisk0\DR0\Partition0
22:54:44.0984 3680 \Device\Harddisk0\DR0\Partition0 - ok
22:54:44.0984 3680 ============================================================
22:54:44.0984 3680 Scan finished
22:54:44.0984 3680 ============================================================
22:54:45.0093 3672 Detected object count: 4
22:54:45.0093 3672 Actual detected object count: 4
22:55:35.0156 3672 HKLM\SYSTEM\ControlSet001\services\pfc - will be deleted on reboot
22:55:35.0156 3672 HKLM\SYSTEM\ControlSet002\services\pfc - will be deleted on reboot
22:55:35.0156 3672 C:\WINDOWS\system32\drivers\pfc.sys - will be deleted on reboot
22:55:35.0156 3672 pfc ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:55:35.0171 3672 HKLM\SYSTEM\ControlSet001\services\Secdrv - will be deleted on reboot
22:55:35.0171 3672 HKLM\SYSTEM\ControlSet002\services\Secdrv - will be deleted on reboot
22:55:35.0171 3672 C:\WINDOWS\system32\DRIVERS\secdrv.sys - will be deleted on reboot
22:55:35.0171 3672 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:55:35.0171 3672 HKLM\SYSTEM\ControlSet001\services\TPkd - will be deleted on reboot
22:55:35.0171 3672 HKLM\SYSTEM\ControlSet002\services\TPkd - will be deleted on reboot
22:55:35.0171 3672 C:\WINDOWS\system32\drivers\TPkd.sys - will be deleted on reboot
22:55:35.0171 3672 TPkd ( UnsignedFile.Multi.Generic ) - User select action: Delete
22:55:35.0171 3672 \Device\Harddisk0\DR0\TDLFS - deleted
22:55:35.0171 3672 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
22:55:40.0468 3144 Deinitialize success
OTL logfile created on: 11/27/2011 11:17:06 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.01% Memory free
4.84 Gb Paging File | 4.23 Gb Available in Paging File | 87.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 82.63 Gb Free Space | 17.74% Space Free | Partition Type: NTFS
Drive H: | 3.80 Gb Total Space | 0.63 Gb Free Space | 16.54% Space Free | Partition Type: FAT32
Computer Name: 22NDSTRE-939DCE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/27 10:38:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/10/01 03:08:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/28 22:55:01 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/08/28 22:55:00 | 000,582,536 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2007/05/02 00:13:22 | 001,422,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/09 11:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2007/01/18 18:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/10/05 19:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\vistadrive.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/27 23:07:04 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\SansaUpdater\english.dll
MOD - [2011/10/01 03:08:00 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/13 09:08:15 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2007/03/01 13:16:56 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRar\RarExt.dll
MOD - [2006/10/05 19:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\vistadrive.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (wscsvc)
SRV - File not found [Auto | Stopped] -- -- (intelusb3)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- -- (CiSvc)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/01/18 18:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/08/11 10:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
========== Driver Services (SafeList) ==========
DRV - [2011/09/01 13:46:20 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/09/01 13:46:20 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/08/12 20:34:07 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2007/04/18 07:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 07:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 07:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 07:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 07:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 07:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 07:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 07:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 07:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 07:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 07:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 05:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 04:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 03:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 03:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 03:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 03:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 03:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 03:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 03:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 03:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/08/23 13:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/03 22:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1078081533-515967899-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1078081533-515967899-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.22ndstreetcomputers.com/
IE - HKU\S-1-5-21-1078081533-515967899-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1078081533-515967899-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/10/15 07:12:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 03:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/16 02:35:48 | 000,000,000 | ---D | M]
[2011/08/13 09:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/11/11 01:01:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4wvks9ua.default\extensions
[2011/11/11 01:01:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\4wvks9ua.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/16 02:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/16 02:35:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/15 07:12:55 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/08/16 02:35:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/15 02:57:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/01 03:08:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/16 02:35:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 03:07:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2007/04/14 00:39:45 | 000,003,043 | R--- | M] () -- C:\Program Files\mozilla firefox\searchplugins\LinkBasement.xml
O1 HOSTS File: ([2011/11/27 22:47:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\vistadrive.exe ()
O4 - HKU\S-1-5-21-1078081533-515967899-682003330-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1078081533-515967899-682003330-1003..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-1078081533-515967899-682003330-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1078081533-515967899-682003330-1003..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1078081533-515967899-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-515967899-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-515967899-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1078081533-515967899-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1078081533-515967899-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-515967899-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CF2A00A-613B-4BBB-AA1C-26CB96AFE330}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/12 20:17:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/11/27 23:16:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/27 22:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/11/27 22:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/11/27 22:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/11/27 22:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/11/27 22:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/11/27 22:34:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/27 22:34:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/27 22:34:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/27 22:34:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/27 22:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/27 22:34:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 22:30:39 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/11/27 22:30:18 | 004,309,802 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/11/27 10:38:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/24 22:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/11/21 12:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/11/21 12:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/21 12:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/21 12:14:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/21 12:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/21 04:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/21 03:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/21 03:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Firefly Studios
[2011/11/21 03:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\080ED
[2011/11/17 00:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Emqiecc
[2011/11/17 00:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ahoguc
[2011/11/11 01:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\OTR
[2011/11/09 05:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Vivian Picture4ss
[2011/11/08 19:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Stronghold Legends
[2011/11/06 00:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Steam
[2011/11/06 00:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/11/06 00:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/11/06 00:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2011/11/01 21:30:53 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/11/01 18:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2011/11/01 18:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Stronghold 2
[2007/04/09 11:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 11:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/27 23:07:48 | 000,441,518 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/27 23:07:48 | 000,070,634 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/27 23:04:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/27 23:03:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/27 23:02:28 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2011/11/27 23:02:28 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2011/11/27 23:02:28 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2011/11/27 23:02:28 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2011/11/27 23:02:28 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2011/11/27 23:02:19 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
[2011/11/27 23:02:19 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
[2011/11/27 22:47:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/27 22:30:50 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/11/27 22:30:26 | 004,309,802 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/11/27 22:11:42 | 139,194,205 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/27 16:45:46 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/27 16:11:07 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/11/27 16:11:07 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/11/27 10:38:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/11/26 23:24:26 | 000,304,758 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Snapshot(2).bmp
[2011/11/26 22:36:08 | 000,243,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/26 18:21:13 | 000,099,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/11/25 04:02:08 | 001,228,854 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Snapshot(1).bmp
[2011/11/21 12:14:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/21 11:41:53 | 000,100,702 | ---- | M] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/21 11:41:53 | 000,000,196 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/21 06:11:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/18 02:05:27 | 000,054,907 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PDR.dmp
[2011/11/18 01:05:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SpeechPad.INI
[2011/11/14 19:59:23 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/11/14 19:59:23 | 000,000,588 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/11/08 19:58:41 | 000,001,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Stronghold Legends.lnk
[2011/11/06 00:58:08 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Team Fortress 2.url
[2011/11/06 00:47:17 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/11/01 21:30:53 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2011/11/01 21:30:42 | 000,001,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Stronghold 2.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/27 22:34:25 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/27 22:34:25 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/27 22:34:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/27 22:34:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/27 22:34:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/27 16:11:07 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/11/27 16:11:07 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/11/26 23:24:26 | 000,304,758 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Snapshot(2).bmp
[2011/11/25 04:02:02 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Snapshot(1).bmp
[2011/11/21 12:14:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/21 11:41:53 | 000,100,702 | ---- | C] () -- C:\WINDOWS\System32\itusbcore.dat
[2011/11/21 11:41:53 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2011/11/21 04:03:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/18 01:05:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SpeechPad.INI
[2011/11/14 19:59:23 | 000,000,588 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/11/14 19:59:23 | 000,000,588 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2011/11/08 19:47:14 | 000,001,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Stronghold Legends.lnk
[2011/11/06 00:58:08 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Team Fortress 2.url
[2011/11/06 00:47:17 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2011/11/01 02:35:56 | 000,001,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Stronghold 2.lnk
[2011/09/11 01:48:04 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/09/11 01:48:03 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2011/09/11 01:47:50 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2011/09/11 01:47:50 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/09/11 01:47:50 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/09/03 01:13:20 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\CT6PRET.BIN
[2011/08/13 12:49:09 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011/08/13 09:34:16 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/13 00:23:14 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/08/13 00:23:14 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/08/12 21:05:04 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/08/12 21:05:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/08/12 21:05:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/08/12 21:05:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/08/12 21:05:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/08/12 21:05:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/08/12 20:55:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/08/12 20:32:19 | 000,259,620 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/12 20:32:19 | 000,259,620 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/12 20:32:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/12 20:32:15 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/08/12 20:23:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/08/12 20:20:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/08/12 20:18:06 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/08/12 20:18:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/08/12 20:18:03 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/12 20:15:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/08/12 20:15:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\latency.exe
[2011/08/12 20:15:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MemTest.exe
[2011/08/12 20:15:48 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\vcdrom.exe
[2011/08/12 20:15:48 | 000,000,156 | ---- | C] () -- C:\WINDOWS\System32\cpuz.ini
[2011/08/12 16:13:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/08/12 16:12:18 | 000,243,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/05/02 10:13:40 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 11:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 11:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 11:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 11:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 11:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 11:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 11:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 11:19:36 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2007/04/09 11:19:36 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2007/04/09 11:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 11:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 11:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2007/01/03 17:02:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/03 16:58:18 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2007/01/03 16:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/10/02 08:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/16 09:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2004/12/18 12:32:54 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2004/08/12 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 01:00:00 | 000,441,518 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 01:00:00 | 000,070,634 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 01:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 01:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2011/08/13 09:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/21 12:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/13 09:41:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/12 20:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/10/09 18:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/10/09 18:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/11/08 19:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2011/10/26 02:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2011/08/12 21:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2011/09/01 14:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/09/24 09:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/13 03:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2011/09/20 03:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2011/08/12 21:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/08/13 08:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebcamMax
[2011/11/21 03:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\080ED
[2011/08/29 00:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acapela Group
[2011/11/17 00:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahoguc
[2011/09/13 03:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Antares
[2011/08/13 12:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/11/27 04:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2011/08/13 09:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2011/11/17 00:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Emqiecc
[2011/09/06 00:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeFLVConverter
[2011/08/13 00:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\id Software
[2011/08/16 00:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jasc
[2011/11/01 23:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mount&Blade With Fire and Sword
[2011/09/13 03:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PACE Anti-Piracy
[2011/08/28 22:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
[2011/08/22 00:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2011/09/20 13:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ubisoft
[2011/08/20 03:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2011/08/13 09:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WebcamMax
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2007/05/02 00:13:22 | 001,422,336 | ---- | M] (Microsoft Corporation) MD5=D66456C66D07A423F2E48C2526AE260C -- C:\WINDOWS\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2004/08/12 01:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/12 01:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/12 01:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/12 01:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/12 01:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/12 01:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
< afd.sys >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2004/08/12 01:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{115F3647-0A2F-40E7-ABF6-B3FE506F341B}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1F9DB851-1217-4001-B5BA-99628FC49113}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{37E3F87C-E7AC-452E-B63D-63FA3BB7BCCE}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{4CF2A00A-613B-4BBB-AA1C-26CB96AFE330}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{731B9428-FBA0-405A-933B-841D7FF880B7}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2004/08/12 01:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 00 01 01 00 02 00 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/12 01:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< C:\Windows\assembly\tmp\U\*.* /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
========== Alternate Data Streams ==========
@Alternate Data Stream - 1128 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:liGWwB5h7kCuDRpQBh3C
@Alternate Data Stream - 1106 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:gfHqqgPpEfepKrDFQb6fTInqdTZZ
< End of report >