[code]
OTScanIt2 logfile created on: 2008-12-27 10:25:57 - Run 4
OTScanIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Users\ADMIN\Desktop\Clean System\OTSCAN\OTScanIt2
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 86.30 Gb Free Space | 57.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 252.72 Mb Total Space | 109.66 Mb Free Space | 43.39% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VOYAGER
Current User Name: ADMIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2008-02-09 18:06:33 | 00,238,968 | ---- | M] (Symantec Corporation)
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [2008-11-26 11:18:51 | 00,081,000 | ---- | M] (ALWIL Software)
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008-11-26 11:18:32 | 00,254,040 | ---- | M] (ALWIL Software)
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008-11-26 11:18:46 | 00,155,160 | ---- | M] (ALWIL Software)
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008-11-26 11:16:23 | 00,352,920 | ---- | M] (ALWIL Software)
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008-11-26 11:12:08 | 00,018,752 | ---- | M] (ALWIL Software)
cwsvc.exe -> %ProgramFiles%\ContentWatch\Internet Protection\cwsvc.exe -> [2007-10-17 09:42:26 | 01,223,168 | ---- | M] (ContentWatch, Inc.)
dwm.exe -> %SystemRoot%\system32\Dwm.exe -> [2008-01-19 01:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation)
dwm.exe -> %SystemRoot%\system32\Dwm.exe -> [2008-01-19 01:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation)
lsm.exe -> %SystemRoot%\system32\lsm.exe -> [2008-01-19 01:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation)
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006-10-19 15:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
otscanit2.exe -> %UserProfile%\Desktop\Clean System\OTSCAN\OTScanIt2\OTScanIt2.exe -> [2008-12-26 14:49:54 | 00,476,672 | ---- | M] (OldTimer Tools)
sdwinsec.exe -> %ProgramFiles%\Spybot - Search & Destroy\SDWinSec.exe -> [2008-07-07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.)
searchindexer.exe -> %SystemRoot%\system32\SearchIndexer.exe -> [2008-05-26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) slsvc.exe -> %SystemRoot%\system32\SLsvc.exe -> [2008-01-19 01:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2008-12-04 13:50:00 | 01,809,648 | ---- | M] (SUPERAntiSpyware.com) taskeng.exe -> %SystemRoot%\system32\taskeng.exe -> [2008-01-19 01:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) taskeng.exe -> %SystemRoot%\system32\taskeng.exe -> [2008-01-19 01:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) taskeng.exe -> %SystemRoot%\system32\taskeng.exe -> [2008-01-19 01:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) unsecapp.exe -> %SystemRoot%\system32\wbem\unsecapp.exe -> [2008-01-19 01:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) unsecapp.exe -> %SystemRoot%\system32\wbem\unsecapp.exe -> [2008-01-19 01:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) wininit.exe -> %SystemRoot%\system32\wininit.exe -> [2008-01-19 01:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008-01-19 01:33:39 | 00,245,248 | ---- | M] (Microsoft Corporation) wmpnscfg.exe -> %ProgramFiles%\Windows Media Player\wmpnscfg.exe -> [2008-01-19 01:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) wpcumi.exe -> %SystemRoot%\System32\wpcumi.exe -> [2006-11-02 06:35:35 | 00,176,128 | ---- | M] (Microsoft Corporation) wpcumi.exe -> %SystemRoot%\System32\wpcumi.exe -> [2006-11-02 06:35:35 | 00,176,128 | ---- | M] (Microsoft Corporation) wudfhost.exe -> %SystemRoot%\system32\WUDFHost.exe -> [2008-01-19 01:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (AeLookupSvc) Application Experience [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\aelupsvc.dll -> [2006-11-02 03:46:02 | 00,024,576 | ---- | M] (Microsoft Corporation) (Appinfo) 
Application Information [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\appinfo.dll -> [2008-01-19 01:33:43 | 00,033,280 | ---- | M] (Microsoft Corporation) (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> -> File not found (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> -> File not found (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> -> File not found (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> -> File not found (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> -> File not found (BFE) Base Filtering Engine [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\BFE.DLL -> [2008-01-19 01:33:47 | 00,328,704 | ---- | M] (Microsoft Corporation) (BITS) Background Intelligent Transfer Service [Win32_Shared | Auto | Running] -> -> File not found (CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\certprop.dll -> [2008-01-19 01:33:51 | 00,040,448 | ---- | M] (Microsoft Corporation) (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> -> File not found (COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> -> File not found (CwAltaService20) ContentWatch [Win32_Own | Auto | Running] -> -> File not found (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found (DFSR) DFS Replication [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\dfsr.exe -> [2008-01-19 01:33:06 | 02,091,520 | ---- | M] (Microsoft Corporation) (DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\dps.dll -> [2008-01-19 01:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) (EapHost) Extensible Authentication Protocol [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\eaphost.tmf -> [2008-01-18 23:58:17 | 00,206,830 
| ---- | M] () (ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> %SystemRoot%\ehome\ehstart.dll -> [2006-11-02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) (EMDMgmt) ReadyBoost [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\emdmgmt.dll -> [2008-06-25 21:29:02 | 00,565,248 | ---- | M] (Microsoft Corporation) (Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> -> File not found (fdPHost) Function Discovery Provider Host [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\fdPHost.dll -> [2008-01-19 01:34:21 | 00,013,312 | ---- | M] (Microsoft Corporation) (FDResPub) Function Discovery Resource Publication [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\FDResPub.dll -> [2006-11-02 03:46:04 | 00,027,648 | ---- | M] (Microsoft Corporation) (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> -> File not found (gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\gpsvc.dll -> [2008-01-19 01:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) (hkmsvc) Health Key and Certificate Management [Win32_Shared | On_Demand | Stopped] -> -> File not found (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> -> File not found (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (IKEEXT) IKE and AuthIP IPsec Keying Modules [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\IKEEXT.DLL -> [2008-01-19 01:34:32 | 00,438,272 | ---- | M] (Microsoft Corporation) (IPBusEnum) PnP-X IP Bus Enumerator [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\IPBusEnum.dll -> [2008-01-19 01:34:34 | 00,074,240 | ---- | M] (Microsoft Corporation) (iphlpsvc) IP Helper [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\iphlpsvc.dll -> [2008-01-19 01:34:34 | 00,188,416 | ---- | M] (Microsoft Corporation) (KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | 
Running] -> %SystemRoot%\System32\keyiso.dll -> [2006-11-02 03:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) (KtmRm) KtmRm for Distributed Transaction Coordinator [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\msdtckrm.dll -> [2008-01-19 01:34:56 | 00,344,576 | ---- | M] (Microsoft Corporation) (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> -> File not found (LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> -> File not found (lltdsvc) Link-Layer Topology Discovery Mapper [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\lltdsvc.dll -> [2008-01-19 01:34:42 | 00,188,928 | ---- | M] (Microsoft Corporation) (Mcx2Svc) Windows Media Center Extender Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\System32\Mcx2Svc.dll -> [2008-01-19 01:34:44 | 00,053,760 | ---- | M] (Microsoft Corporation) (MMCSS) Multimedia Class Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\mmcss.dll -> [2008-01-19 01:34:49 | 00,045,056 | ---- | M] (Microsoft Corporation) (MpsSvc) Windows Firewall [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\MPSSVC.dll -> [2008-01-19 01:34:53 | 00,393,216 | ---- | M] (Microsoft Corporation) (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\Msdtc -> [2006-11-02 07:04:14 | 00,000,000 | ---D | M] (MSiSCSI) Microsoft iSCSI Initiator Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\iscsiexe.dll -> [2008-01-19 01:34:35 | 00,111,616 | ---- | M] (Microsoft Corporation) (msiserver) Windows Installer [Win32_Own | On_Demand | Stopped] -> -> File not found (napagent) Network Access Protection Agent [Win32_Shared | On_Demand | Stopped] -> -> File not found (Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\netlogon.dll -> [2008-01-19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) (netprofm) Network List Service [Win32_Shared | 
Auto | Running] -> %SystemRoot%\System32\netprofm.dll -> [2008-01-19 01:35:36 | 00,237,056 | ---- | M] (Microsoft Corporation) (NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | On_Demand | Stopped] -> -> File not found (NlaSvc) Network Location Awareness [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\nlasvc.dll -> [2008-01-19 01:35:38 | 00,168,448 | ---- | M] (Microsoft Corporation) (nsi) Network Store Interface Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\nsisvc.dll -> [2008-01-19 01:35:57 | 00,018,432 | ---- | M] (Microsoft Corporation) (p2pimsvc) Peer Networking Identity Manager [Win32_Shared | On_Demand | Stopped] -> -> File not found (p2psvc) Peer Networking Grouping [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\p2psvc.dll -> [2008-01-19 01:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation) (PcaSvc) Program Compatibility Assistant Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\pcasvc.dll -> [2008-01-19 01:36:03 | 00,037,888 | ---- | M] (Microsoft Corporation) (pla) Performance Logs & Alerts [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\pla.dll -> [2008-01-19 01:36:06 | 01,502,208 | ---- | M] (Microsoft Corporation) (PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\umpnpmgr.dll -> [2008-01-19 01:36:45 | 00,221,696 | ---- | M] (Microsoft Corporation) (PNRPAutoReg) PNRP Machine Name Publication Service [Win32_Shared | On_Demand | Stopped] -> -> File not found (PNRPsvc) Peer Name Resolution Protocol [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\p2psvc.dll -> [2008-01-19 01:36:09 | 00,658,944 | ---- | M] (Microsoft Corporation) (PolicyAgent) IPsec Policy Agent [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\IPSECSVC.DLL -> [2008-06-18 21:31:48 | 00,361,984 | ---- | M] (Microsoft Corporation) (ProfSvc) User Profile Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\profsvc.dll -> [2008-01-19 
01:36:11 | 00,153,600 | ---- | M] (Microsoft Corporation) (ProtectedStorage) Protected Storage [Win32_Shared | On_Demand | Stopped] -> -> File not found (QWAVE) Quality Windows Audio Video Experience [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\qwave.dll -> [2008-01-19 01:36:14 | 00,243,712 | ---- | M] (Microsoft Corporation) (RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> -> File not found (SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> -> File not found (SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> -> File not found (SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\SCardSvr.dll -> [2008-01-19 01:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) (SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\certprop.dll -> [2008-01-19 01:33:51 | 00,040,448 | ---- | M] (Microsoft Corporation) (SDRSVC) Windows Backup [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\sdrsvc.dll -> [2008-01-19 01:36:20 | 00,104,960 | ---- | M] (Microsoft Corporation) (SessionEnv) Terminal Services Configuration [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\SessEnv.dll -> [2008-01-19 01:36:21 | 00,084,992 | ---- | M] (Microsoft Corporation) (slsvc) Software Licensing [Win32_Own | Auto | Running] -> %SystemRoot%\System32\SLsvc.exe -> [2008-01-19 01:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) (SLUINotify) SL UI Notification Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\SLUINotify.dll -> [2008-01-19 01:36:30 | 00,057,856 | ---- | M] (Microsoft Corporation) (SNMPTRAP) SNMP Trap [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\snmptrap.exe -> [2006-11-02 03:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) (Spooler) Print Spooler [Win32_Own | Auto | Running] -> -> File not found (SstpSvc) Secure Socket Tunneling Protocol Service 
[Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\sstpsvc.dll -> [2008-01-19 01:36:36 | 00,116,736 | ---- | M] (Microsoft Corporation) (stisvc) Windows Image Acquisition (WIA) [Win32_Own | Auto | Running] -> -> File not found (stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> -> File not found (swprv) Microsoft Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\swprv.dll -> [2008-01-19 01:36:37 | 00,310,784 | ---- | M] (Microsoft Corporation) (SysMain) Superfetch [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\sysmain.dll -> [2008-01-19 01:36:38 | 00,574,976 | ---- | M] (Microsoft Corporation) (TabletInputService) Tablet PC Input Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\TabSvc.dll -> [2006-11-02 06:35:24 | 00,068,096 | ---- | M] (Microsoft Corporation) (TBS) TPM Base Services [Win32_Shared | Auto | Stopped] -> %SystemRoot%\System32\tbs.dll -> [2008-01-19 01:36:39 | 00,011,776 | ---- | M] (Microsoft Corporation) (THREADORDER) Thread Ordering Server [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\mmcss.dll -> [2008-01-19 01:34:49 | 00,045,056 | ---- | M] (Microsoft Corporation) (UI0Detect) Interactive Services Detection [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\UI0Detect.exe -> [2008-01-19 01:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) (UxSms) Desktop Window Manager Session Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\uxsms.dll -> [2008-01-19 01:36:47 | 00,028,672 | ---- | M] (Microsoft Corporation) (vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vds.exe -> [2008-01-19 01:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) (VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\wbem\vss.mof -> [2006-11-02 00:35:15 | 00,055,846 | ---- | M] () (wcncsvc) Windows Connect Now - Config Registrar [Win32_Shared | On_Demand | Stopped] -> 
%SystemRoot%\System32\wcncsvc.dll -> [2008-01-19 01:36:49 | 00,412,672 | ---- | M] (Microsoft Corporation) (WcsPlugInService) Windows Color System [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\WcsPlugInService.dll -> [2006-11-02 03:46:13 | 00,032,256 | ---- | M] (Microsoft Corporation) (WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found (WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found (Wecsvc) Windows Event Collector [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\wecsvc.dll -> [2008-01-19 01:36:52 | 00,145,408 | ---- | M] (Microsoft Corporation) (wercplsupport) Problem Reports and Solutions Control Panel Support [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\wercplsupport.dll -> [2008-01-19 01:36:52 | 00,062,976 | ---- | M] (Microsoft Corporation) (WerSvc) Windows Error Reporting Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\wersvc.dll -> [2008-09-17 22:56:07 | 00,125,952 | ---- | M] (Microsoft Corporation) (WinDefend) Windows Defender [Win32_Shared | Auto | Stopped] -> %ProgramFiles%\Windows Defender\MpSvc.dll -> [2008-01-19 01:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) (WinHttpAutoProxySvc) WinHTTP Web Proxy Auto-Discovery Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\winhttp.dll -> [2008-01-19 01:36:55 | 00,376,832 | ---- | M] (Microsoft Corporation) (WinRM) Windows Remote Management (WS-Management) [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\WsmSvc.dll -> [2008-01-19 01:37:11 | 00,745,472 | ---- | M] (Microsoft Corporation) (Wlansvc) WLAN AutoConfig [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\wlansvc.dll -> [2008-01-19 01:36:57 | 00,513,536 | ---- | M] (Microsoft Corporation) (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> -> File not found (WPCSvc) Parental Controls [Win32_Shared | Auto | 
Running] -> %SystemRoot%\System32\wpcsvc.dll -> [2008-01-19 01:37:08 | 00,140,288 | ---- | M] (Microsoft Corporation) (WPDBusEnum) Portable Device Enumerator Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\wpdbusenum.dll -> [2008-01-19 01:37:08 | 00,070,144 | ---- | M] (Microsoft Corporation) (WSearch) Windows Search [Win32_Own | Auto | Running] -> -> File not found (wuauserv) Windows Update [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\wuaueng.dll -> [2008-10-16 15:13:38 | 01,809,944 | ---- | M] (Microsoft Corporation) (wudfsvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\WUDFSvc.dll -> [2008-01-19 01:37:12 | 00,055,296 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> [2006-11-02 03:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) (adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> [2006-11-02 03:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> [2006-11-02 03:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) (adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> [2006-11-02 03:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> [2006-11-02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) (aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> [2006-11-02 03:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) 
(amdagp) AMD AGP Bus Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\AMDAGP.SYS -> [2006-11-02 03:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) (amdide) amdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\amdide.sys -> [2006-11-02 03:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) (AmdK7) AMD K7 Processor Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\amdk7.sys -> [2006-11-02 02:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) (AmdK8) AMD K8 Processor Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\amdk8.sys -> [2008-01-18 23:27:20 | 00,044,032 | ---- | M] (Microsoft Corporation) (arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> [2006-11-02 03:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) (arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> [2006-11-02 03:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) (aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> [2008-11-26 11:17:25 | 00,020,560 | ---- | M] (ALWIL Software) (aswMonFlt) aswMonFlt [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> [2008-11-26 11:17:15 | 00,051,792 | ---- | M] (ALWIL Software) (aswRdr) aswRdr [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008-11-26 11:16:29 | 00,023,152 | ---- | M] (ALWIL Software) (aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008-11-26 11:17:36 | 00,111,184 | ---- | M] (ALWIL Software) (aswTdi) avast! 
Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008-11-26 11:16:38 | 00,050,864 | ---- | M] (ALWIL Software) (athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\athr.sys -> [2008-05-07 08:55:22 | 00,767,488 | ---- | M] (Atheros Communications, Inc.) (bowser) bowser [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\bowser.sys -> [2008-01-18 23:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) (BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> [2006-11-02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) (BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> [2006-11-02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) (Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> [2006-11-02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) (BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> [2006-11-02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) (BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> [2006-11-02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) (BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> [2006-11-02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) 
(BTHMODEM) Bluetooth Serial Communications Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\bthmodem.sys -> [2006-11-02 02:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) (circlass) Consumer IR Devices [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\circlass.sys -> [2006-11-02 02:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) (CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> %SystemRoot%\System32\clfs.sys -> [2008-01-19 01:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) (cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> [2006-11-02 03:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) (crcdisk) Crcdisk Filter Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\crcdisk.sys -> [2006-11-02 03:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) (Crusoe) Transmeta Crusoe Processor Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\crusoe.sys -> [2006-11-02 02:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) (DfsC) DFS Namespace Client Driver [File_System | System | Running] -> %SystemRoot%\System32\drivers\dfsc.sys -> [2008-01-18 23:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) (DXGKrnl) LDDM Graphics Subsystem [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\dxgkrnl.sys -> [2008-08-01 19:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) (E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> [2006-11-02 01:30:54 | 00,117,760 | ---- | M] (Intel Corporation) (EagleNT) EagleNT [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\EagleNt.sys -> [2008-05-13 14:45:11 | 00,448,384 | ---- | M] (AhnLab, Inc.) 
(Ecache) ReadyBoost Caching Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\ecache.sys -> [2008-01-19 01:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) (elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> [2006-11-02 03:51:34 | 00,316,520 | ---- | M] (Emulex) (exfat) exFAT File System Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\exfat.sys -> [2008-01-18 23:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) (FileInfo) File Information FS MiniFilter [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\fileinfo.sys -> [2008-01-19 01:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) (Filetrace) Filetrace [File_System | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\filetrace.sys -> [2008-01-18 23:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) (gagp30kx) Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\GAGP30KX.SYS -> [2006-11-02 03:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) (HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\HdAudio.sys -> [2006-11-02 01:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\hdaudbus.sys -> [2008-01-18 22:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) (HidBth) Microsoft Bluetooth HID Miniport [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\hidbth.sys -> [2006-11-02 02:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) (HidIr) Microsoft Infrared HID Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\hidir.sys -> [2006-11-02 02:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) (HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> 
%SystemRoot%\System32\drivers\HpCISSs.sys -> [2006-11-02 03:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) (iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> [2006-11-02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) (iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> [2006-11-02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\RTKVHDA.sys -> [2007-10-25 05:26:10 | 02,015,192 | ---- | M] (Realtek Semiconductor Corp.) (IPMIDRV) IPMIDRV [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\IPMIDrv.sys -> [2006-11-02 02:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) (iScsiPrt) iScsiPort Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\msiscsi.sys -> [2008-01-19 01:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) (iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> [2006-11-02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) (iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> [2006-11-02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) 
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\kbdhid.sys -> [2008-01-18 23:49:17 | 00,015,872 | ---- | M] (Microsoft Corporation) (lltdio) Link-Layer Topology Discovery Mapper I/O Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\lltdio.sys -> [2008-01-18 23:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) (LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> [2006-11-02 03:50:04 | 00,065,640 | ---- | M] (LSI Logic) (LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> [2006-11-02 03:50:05 | 00,065,640 | ---- | M] (LSI Logic) (LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> [2006-11-02 03:50:10 | 00,065,640 | ---- | M] (LSI Logic) (luafv) UAC File Virtualization [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\luafv.sys -> [2008-01-18 23:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) (megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> [2006-11-02 03:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) (monitor) Microsoft Monitor Class Function Driver Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\monitor.sys -> [2008-01-18 23:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) (mpio) Microsoft Multi-Path Bus Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\mpio.sys -> [2006-11-02 03:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) (mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\mpsdrv.sys -> [2008-01-18 23:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) (Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> [2006-11-02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) (mrxsmb10) SMB 1.x MiniRedirector [File_System | On_Demand | 
Running] -> %SystemRoot%\System32\drivers\mrxsmb10.sys -> [2008-08-26 19:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) (mrxsmb20) SMB 2.0 MiniRedirector [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\mrxsmb20.sys -> [2008-01-18 23:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) (msahci) msahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\msahci.sys -> [2006-11-02 03:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) (msdsm) Microsoft Multi-Path Device Specific Module [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\msdsm.sys -> [2006-11-02 03:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) (msisadrv) ISA/EISA Class Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\msisadrv.sys -> [2008-01-19 01:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) (MsRPC) MsRPC [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\msrpc.sys -> [2008-01-19 01:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) (NativeWifiP) NativeWiFi Filter [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\nwifi.sys -> [2008-05-19 20:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) (nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> [2006-11-02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) (nsiproxy) NSI proxy service [Kernel | System | Running] -> %SystemRoot%\System32\drivers\nsiproxy.sys -> [2008-01-18 23:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) (ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> [2006-11-02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\nvmfdx32.sys -> [2007-05-04 01:29:10 | 01,065,384 | ---- | M] (NVIDIA Corporation) (nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> 
%SystemRoot%\System32\drivers\nvlddmkm.sys -> [2007-11-06 19:00:00 | 08,230,496 | ---- | M] (NVIDIA Corporation) (nvraid) NVIDIA nForce RAID Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> [2006-12-11 12:34:28 | 00,129,320 | ---- | M] (NVIDIA Corporation) (nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> [2006-11-02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) (nvstor32) nvstor32 [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\nvstor32.sys -> [2007-10-26 18:51:24 | 00,110,624 | ---- | M] (NVIDIA Corporation) (nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\NV_AGP.SYS -> [2006-11-02 03:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) (PEAUTH) PEAUTH [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\PEAuth.sys -> [2006-11-02 03:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) (pelmouse) Mouse Suite Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\PELMOUSE.SYS -> [2007-04-17 19:08:44 | 00,018,944 | ---- | M] (Primax Electronics Ltd.) (pelusblf) USB Mouse Low Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\pelusblf.sys -> [2007-04-11 16:08:08 | 00,017,920 | ---- | M] (Primax Electronics Ltd.) 
(PSched) QoS Packet Scheduler [Kernel | System | Running] -> %SystemRoot%\System32\drivers\pacer.sys -> [2008-04-04 19:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) (ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> [2006-11-02 03:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) (ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> [2006-11-02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) (QWAVEdrv) QWAVE driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\qwavedrv.sys -> [2008-01-18 23:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) (RasSstp) WAN Miniport (SSTP) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\rassstp.sys -> [2008-01-18 23:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) (RDPENCDD) RDP Encoder Mirror Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\RDPENCDD.sys -> [2008-01-19 00:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) (rspndr) Link-Layer Topology Discovery Responder [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rspndr.sys -> [2008-01-18 23:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [2008-12-04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2008-12-04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [2008-12-04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (sbp2port) SBP-2 Transport/Protocol Bus Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sbp2port.sys -> [2006-11-02 03:50:16 | 
00,076,392 | ---- | M] (Microsoft Corporation) (secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> [2006-11-02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (sermouse) Serial Mouse Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sermouse.sys -> [2008-01-18 23:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) (sffdisk) SFF Storage Class Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sffdisk.sys -> [2006-11-02 02:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) (sffp_mmc) SFF Storage Protocol Driver for MMC [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\sffp_mmc.sys -> [2006-11-02 02:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) (sffp_sd) SFF Storage Protocol Driver for SDBus [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\sffp_sd.sys -> [2006-11-02 02:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) (sisagp) SIS AGP Bus Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\SISAGP.SYS -> [2006-11-02 03:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) (SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid2.sys -> [2006-11-02 03:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) 
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> [2006-11-02 03:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) [Kernel | System | Running] -> %SystemRoot%\System32\drivers\smb.sys -> [2008-01-18 23:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) (spldr) Security Processor Loader Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\spldr.sys -> [2008-01-19 01:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) (srv2) srv2 [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\srv2.sys -> [2008-01-18 23:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) (srvnet) srvnet [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\srvnet.sys -> [2008-01-18 23:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) (Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> [2006-11-02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) (Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> [2006-11-02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) (Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> [2006-11-02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) (tcpipreg) TCP/IP Registry Compatibility [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\tcpipreg.sys -> [2008-01-18 23:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) (tdx) NetIO Legacy TDI Support Driver [Kernel | System | Running] -> %SystemRoot%\System32\drivers\tdx.sys -> [2008-01-18 23:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) (tssecsrv) Terminal Services Security Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\tssecsrv.sys -> [2008-01-19 00:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) (tunmp) Microsoft Tun Miniport Adapter Driver [Kernel | On_Demand | Running] 
-> %SystemRoot%\System32\drivers\TUNMP.SYS -> [2008-01-18 23:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) (tunnel) Microsoft IPv6 Tunnel Miniport Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\tunnel.sys -> [2008-01-18 23:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) (uagp35) Microsoft AGPv3.5 Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\UAGP35.SYS -> [2006-11-02 03:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) (uliagpkx) Uli AGP Bus Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\ULIAGPKX.SYS -> [2006-11-02 03:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) (uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> [2006-11-02 03:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) (UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> [2006-11-02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) (ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> [2006-11-02 03:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) 
(umbus) UMBus Enumerator Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\umbus.sys -> [2008-01-18 23:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) (usbcir) eHome Infrared Receiver (USBCIR) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\usbcir.sys -> [2006-11-02 02:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) (vga) vga [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\vgapnp.sys -> [2006-11-02 02:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) (ViaC7) VIA C7 Processor Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viac7.sys -> [2006-11-02 02:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) (viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> [2006-11-02 03:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) (volmgr) Volume Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\volmgr.sys -> [2008-01-19 01:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) (volmgrx) Dynamic Volume Manager [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\volmgrx.sys -> [2008-01-19 01:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) (vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> [2006-11-02 03:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) (WacomPen) Wacom Serial Pen HID Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\wacompen.sys -> [2006-11-02 02:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) (Wd) Microsoft Watchdog Timer Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\wd.sys -> [2006-11-02 03:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) (Wdf01000) Kernel Mode Driver Frameworks service [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\Wdf01000.sys -> [2008-01-19 01:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) (WmiAcpi) Microsoft Windows Management Interface 
for ACPI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\wmiacpi.sys -> [2006-11-02 02:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) (ws2ifsl) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\System32\drivers\ws2ifsl.sys -> [2008-01-18 23:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: Main\\"StartPageCache" -> -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < FireFox Settings [Default Profile] > -> C:\Users\ADMIN\AppData\Roaming\Mozilla\FireFox\Profiles\c8uvamk6.default\prefs.js -> browser.search.defaultenginename -> "Google" -> browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" -> 
browser.search.selectedEngine -> "Google" -> browser.startup.homepage_override.mstone -> "rv:1.8.1" -> < HOSTS File > (266075 bytes and 9261 lines) -> C:\Windows\System32\drivers\etc\Hosts -> First 25 entries... 127.0.0.1 localhost ::1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 123topsearch.com 127.0.0.1 www.123topsearch.com 127.0.0.1 132.com 127.0.0.1 www.132.com 127.0.0.1 www.136136.net 127.0.0.1 136136.net 127.0.0.1 163ns.com 127.0.0.1 www.163ns.com 127.0.0.1 171203.com 127.0.0.1 17-plus.com < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006-01-12 22:38:22 | 00,063,128 | ---- | M] (Adobe Systems Incorporated) {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008-09-15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> [2008-02-22 03:25:19 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "avast!" 
-> %ProgramFiles%\Alwil Software\Avast4\ashDisp [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> File not found "WPCUMI" -> %SystemRoot%\System32\wpcumi [C:\Windows\system32\WpcUmi.exe] -> File not found < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "SUPERAntiSpyware" -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> File not found < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"ConsentPromptBehaviorAdmin" -> [2] -> File not found \\"ConsentPromptBehaviorUser" -> [1] -> File not found \\"EnableInstallerDetection" -> [1] -> File not found \\"EnableLUA" -> [1] -> File not found \\"EnableSecureUIAPaths" -> [1] -> File not found \\"EnableVirtualization" -> [1] -> File not found \\"PromptOnSecureDesktop" -> [1] -> File not found \\"ValidateAdminCodeSignatures" -> [0] -> File not found \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"scforceoption" -> [0] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"FilterAdministratorToken" -> [0] -> File not found \\"EnableUIADesktopToggle" -> [0] -> File not found \\"DisableRegistryTools" -> [0] -> File not found \\"HideLegacyLogonScripts" -> [0] -> File not found \\"HideLogoffScripts" -> [0] -> File 
not found \\"RunLogonScriptSync" -> [1] -> File not found \\"RunStartupScriptSync" -> [0] -> File not found \\"HideStartupScripts" -> [0] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats \UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found \UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"LogonHoursAction" -> [2] -> File not found \\"DontDisplayLogonHoursWarnings" -> [1] -> File not found \\"HideLegacyLogonScripts" -> [0] -> File not found \\"HideLogoffScripts" -> [0] -> File not found \\"HideStartupScripts" -> [0] -> File not found \\"RunLogonScriptSync" -> [1] -> File not found \\"RunStartupScriptSync" -> [0] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Menu: Sun Java Console] -> [2008-02-22 03:25:19 | 00,509,328 | ---- | M] (Sun 
Microsystems, Inc.) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008-09-15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4844 domain(s) found. -> 45 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4846 domain(s) found. -> 45 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. 
-> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {149E45D8-163E-4189-86FC-45022AB2B6C9} [HKLM] -> file:///C:/Program%20Files/Turbo%20Pizza/Images/stg_drm.ocx[SpinTop DRM Control] -> {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab[Java Plug-in 1.5.0_12] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CC450D71-CC90-424C-8638-1F2DBAC87A54} [HKLM] -> file:///C:/Program%20Files/Pastry%20Passion/Images/armhelper.ocx[ArmHelper Control] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3462F948-DAD6-4AD6-BF49-DC530B4CB235} -> (D-Link WDA-2320 Desktop Adapter) -> {44C858E0-E31A-4EF0-B07F-D1217CAE41CC} -> (D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)) -> {5D7DA6A9-2293-4EA0-93AD-795923C73395} -> (NVIDIA nForce Networking Controller) -> {DF980A01-88C5-4C07-B148-326977A859D7} -> (D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer -> File not found *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit -> File not found *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> [2008-12-03 14:56:38 | 00,352,256 | ---- | M] (SUPERAntiSpyware.com) < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> [2008-05-13 09:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com) < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> credssp.dll -> %SystemRoot%\System32\credssp.dll -> [2008-01-19 01:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> tspkg -> %SystemRoot%\System32\TSpkg.dll -> [2008-01-19 01:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting 
[HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008-01-18 23:49:51 | 00,067,072 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\autoexec [ NTFS ] -> File not found < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{a4959ca6-813c-11dd-b209-806e6f6e6963} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4959ca6-813c-11dd-b209-806e6f6e6963}\shell \{a4959ca6-813c-11dd-b209-806e6f6e6963}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4959ca6-813c-11dd-b209-806e6f6e6963}\shell\AutoRun\command \{a4959ca6-813c-11dd-b209-806e6f6e6963}\shell\AutoRun\command\\"" -> D:\Launch.exe [D:\Launch.exe] -> File not found [Files/Folders - Created Within 90 Days] 3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [2008-12-26 08:58:44 | 01,330,258 | -H-- | C] () rsit -> %SystemDrive%\rsit -> [2008-12-25 08:37:48 | 00,000,000 | ---D | C] inetpub -> %SystemDrive%\inetpub -> [2008-12-22 21:41:56 | 00,000,000 | ---D | C] Minidump -> %SystemRoot%\Minidump -> [2008-12-22 21:22:35 | 00,000,000 | ---D | C] MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [2008-12-22 21:22:02 | 28,239,8805 | ---- | C] () PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> [2008-12-22 21:15:25 | 00,053,248 | ---- | C] (Sysinternals) temp -> %SystemRoot%\temp -> [2008-12-22 21:15:15 | 00,000,000 | ---D | C] ComboFix -> %SystemDrive%\ComboFix -> [2008-12-22 21:13:28 | 00,000,000 | ---D | C] CF349.exe -> %SystemRoot%\System32\CF349.exe -> [2008-12-22 21:13:27 | 00,318,976 | ---- | 
C] (Microsoft Corporation) swsc.exe -> %SystemRoot%\System32\swsc.exe -> [2008-12-22 21:13:23 | 00,031,744 | ---- | C] (Microsoft Corporation) SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2008-12-22 20:37:58 | 00,212,480 | ---- | C] (SteelWerX) SWREG.exe -> %SystemRoot%\SWREG.exe -> [2008-12-22 20:37:58 | 00,161,792 | ---- | C] (SteelWerX) SWSC.exe -> %SystemRoot%\SWSC.exe -> [2008-12-22 20:37:58 | 00,136,704 | ---- | C] (SteelWerX) sed.exe -> %SystemRoot%\sed.exe -> [2008-12-22 20:37:58 | 00,098,816 | ---- | C] () fdsv.exe -> %SystemRoot%\fdsv.exe -> [2008-12-22 20:37:58 | 00,089,504 | ---- | C] (Smallfrogs Studio) grep.exe -> %SystemRoot%\grep.exe -> [2008-12-22 20:37:58 | 00,080,412 | ---- | C] () zip.exe -> %SystemRoot%\zip.exe -> [2008-12-22 20:37:58 | 00,068,096 | ---- | C] () VFIND.exe -> %SystemRoot%\VFIND.exe -> [2008-12-22 20:37:58 | 00,049,152 | ---- | C] () NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2008-12-22 20:37:58 | 00,028,672 | ---- | C] (NirSoft) Qoobox -> %SystemDrive%\Qoobox -> [2008-12-22 20:37:52 | 00,000,000 | ---D | C] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2008-12-22 20:34:16 | 02,885,687 | R--- | C] () SUPERAntiSpyware.com -> %AllUsersProfile%\SUPERAntiSpyware.com -> [2008-12-21 21:25:21 | 00,000,000 | ---D | C] SUPERAntiSpyware Free Edition.lnk -> %UserProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2008-12-21 21:25:04 | 00,000,904 | ---- | C] () SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [2008-12-21 21:25:02 | 00,000,000 | ---D | C] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [2008-12-21 21:25:02 | 00,000,000 | ---D | C] Microsoft Games -> %UserProfile%\AppData\Local\Microsoft Games -> [2008-12-21 10:02:52 | 00,000,000 | ---D | C] LuUninstall.LiveUpdate -> %AllUsersProfile%\LuUninstall.LiveUpdate -> [2008-12-21 09:47:20 | 00,131,522 | ---- | C] () HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008-12-21 09:08:57 | 00,001,876 | ---- | C] () Trend Micro -> %ProgramFiles%\Trend 
Micro -> [2008-12-21 09:08:57 | 00,000,000 | ---D | C] mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008-12-21 03:00:22 | 03,578,880 | ---- | C] (Microsoft Corporation) mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008-12-20 20:51:25 | 00,015,504 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008-12-20 20:51:25 | 00,000,820 | ---- | C] () Malwarebytes -> %AppData%\Malwarebytes -> [2008-12-20 20:51:25 | 00,000,000 | ---D | C] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008-12-20 20:51:22 | 00,038,496 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008-12-20 20:51:21 | 00,000,000 | ---D | C] Malwarebytes -> %AllUsersProfile%\Malwarebytes -> [2008-12-20 20:51:21 | 00,000,000 | ---D | C] ERDNT -> %SystemRoot%\ERDNT -> [2008-12-20 20:50:17 | 00,000,000 | ---D | C] ERUNT AutoBackup.lnk -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2008-12-20 20:49:38 | 00,000,915 | ---- | C] () NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2008-12-20 20:49:22 | 00,000,735 | ---- | C] () ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2008-12-20 20:49:22 | 00,000,716 | ---- | C] () desktop.ini -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [2008-12-20 20:49:21 | 00,000,174 | -HS- | C] () ERUNT -> %ProgramFiles%\ERUNT -> [2008-12-20 20:49:21 | 00,000,000 | ---D | C] Clean System -> %UserProfile%\Desktop\Clean System -> [2008-12-20 20:41:19 | 00,000,000 | ---D | C] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008-12-20 19:30:20 | 00,111,184 | ---- | C] (ALWIL Software) AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> [2008-12-20 19:30:20 | 00,097,480 | ---- | C] (ALWIL Software) aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008-12-20 19:30:20 | 00,050,864 | ---- | C] (ALWIL 
Software) aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008-12-20 19:30:20 | 00,023,152 | ---- | C] (ALWIL Software) aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> [2008-12-20 19:30:20 | 00,020,560 | ---- | C] (ALWIL Software) avast! Antivirus.lnk -> %SystemDrive%\Users\Public\Desktop\avast! Antivirus.lnk -> [2008-12-20 19:30:20 | 00,001,851 | ---- | C] () aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> [2008-12-20 19:30:10 | 01,236,208 | ---- | C] (ALWIL Software) actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [2008-12-20 19:30:10 | 00,380,928 | ---- | C] () aswMonFlt.sys -> %SystemRoot%\System32\drivers\aswMonFlt.sys -> [2008-12-20 19:30:10 | 00,051,792 | ---- | C] (ALWIL Software) VirtualStore -> %UserProfile%\AppData\Local\VirtualStore -> [2008-12-20 18:43:55 | 00,000,000 | ---D | C] E80F62FF5D3C4A1984099721F2928206.TMP -> %SystemRoot%\E80F62FF5D3C4A1984099721F2928206.TMP -> [2008-12-20 18:28:37 | 00,000,000 | ---D | C] PCSettings -> %AllUsersProfile%\PCSettings -> [2008-12-20 18:21:22 | 00,000,000 | ---D | C] Norton -> %AllUsersProfile%\Norton -> [2008-12-20 18:21:20 | 00,000,000 | ---D | C] NortonInstaller -> %AllUsersProfile%\NortonInstaller -> [2008-12-20 18:09:53 | 00,000,000 | ---D | C] NIS09EN.exe -> %UserProfile%\Desktop\NIS09EN.exe -> [2008-12-20 18:09:18 | 64,504,152 | ---- | C] (Symantec Corporation) Temp -> %UserProfile%\AppData\Local\Temp -> [2008-12-20 17:50:47 | 00,000,000 | ---D | C] Alwil Software -> %ProgramFiles%\Alwil Software -> [2008-12-20 12:56:59 | 00,000,000 | ---D | C] ntuser.pol -> %AllUsersProfile%\ntuser.pol -> [2008-12-18 21:47:14 | 00,000,258 | RHS- | C] () tzres.dll -> %SystemRoot%\System32\tzres.dll -> [2008-12-10 03:02:06 | 00,002,048 | ---- | C] (Microsoft Corporation) urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2008-12-09 16:17:15 | 01,166,336 | ---- | C] (Microsoft Corporation) ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2008-12-09 16:17:14 | 06,068,736 | ---- | C] 
(Microsoft Corporation) wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2008-12-09 16:17:14 | 00,827,392 | ---- | C] (Microsoft Corporation) mstime.dll -> %SystemRoot%\System32\mstime.dll -> [2008-12-09 16:17:14 | 00,671,232 | ---- | C] (Microsoft Corporation) iertutil.dll -> %SystemRoot%\System32\iertutil.dll -> [2008-12-09 16:17:13 | 00,270,336 | ---- | C] (Microsoft Corporation) jsproxy.dll -> %SystemRoot%\System32\jsproxy.dll -> [2008-12-09 16:17:13 | 00,028,160 | ---- | C] (Microsoft Corporation) mf.dll -> %SystemRoot%\System32\mf.dll -> [2008-12-09 16:16:53 | 02,868,736 | ---- | C] (Microsoft Corporation) WMVCORE.DLL -> %SystemRoot%\System32\WMVCORE.DLL -> [2008-12-09 16:16:53 | 02,386,944 | ---- | C] (Microsoft Corporation) WMNetMgr.dll -> %SystemRoot%\System32\WMNetMgr.dll -> [2008-12-09 16:16:52 | 00,996,352 | ---- | C] (Microsoft Corporation) logagent.exe -> %SystemRoot%\System32\logagent.exe -> [2008-12-09 16:16:52 | 00,094,720 | ---- | C] (Microsoft Corporation) shell32.dll -> %SystemRoot%\System32\shell32.dll -> [2008-12-09 16:16:33 | 11,580,928 | ---- | C] (Microsoft Corporation) explorer.exe -> %SystemRoot%\explorer.exe -> [2008-12-09 16:16:29 | 02,927,104 | ---- | C] (Microsoft Corporation) gdi32.dll -> %SystemRoot%\System32\gdi32.dll -> [2008-12-09 16:12:30 | 00,296,960 | ---- | C] (Microsoft Corporation) Apphlpdm.dll -> %SystemRoot%\System32\Apphlpdm.dll -> [2008-12-09 16:12:19 | 00,028,672 | ---- | C] (Microsoft Corporation) GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> [2008-12-09 16:12:18 | 04,240,384 | ---- | C] (Microsoft) Microbiology_Final.doc -> %UserProfile%\Documents\Microbiology_Final.doc -> [2008-12-02 08:19:28 | 00,104,448 | ---- | C] () config.bin -> %UserProfile%\Documents\config.bin -> [2008-11-30 10:17:29 | 00,027,384 | ---- | C] () PortableDeviceApi.dll -> %SystemRoot%\System32\PortableDeviceApi.dll -> [2008-11-25 16:54:36 | 00,241,152 | ---- | C] (Microsoft Corporation) PhotoMetadataHandler.dll -> 
%SystemRoot%\System32\PhotoMetadataHandler.dll -> [2008-11-25 16:54:28 | 00,425,472 | ---- | C] (Microsoft Corporation) WindowsCodecs.dll -> %SystemRoot%\System32\WindowsCodecs.dll -> [2008-11-25 16:54:27 | 00,712,704 | ---- | C] (Microsoft Corporation) WindowsCodecsExt.dll -> %SystemRoot%\System32\WindowsCodecsExt.dll -> [2008-11-25 16:54:27 | 00,347,136 | ---- | C] (Microsoft Corporation) connect.dll -> %SystemRoot%\System32\connect.dll -> [2008-11-25 16:54:21 | 01,645,568 | ---- | C] (Microsoft Corporation) wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll -> [2008-11-14 06:40:49 | 01,809,944 | ---- | C] (Microsoft Corporation) wucltux.dll -> %SystemRoot%\System32\wucltux.dll -> [2008-11-14 06:40:49 | 01,524,736 | ---- | C] (Microsoft Corporation) wuauclt.exe -> %SystemRoot%\System32\wuauclt.exe -> [2008-11-14 06:40:49 | 00,051,224 | ---- | C] (Microsoft Corporation) wups2.dll -> %SystemRoot%\System32\wups2.dll -> [2008-11-14 06:40:49 | 00,043,544 | ---- | C] (Microsoft Corporation) wups.dll -> %SystemRoot%\System32\wups.dll -> [2008-11-14 06:40:43 | 00,034,328 | ---- | C] (Microsoft Corporation) wuapi.dll -> %SystemRoot%\System32\wuapi.dll -> [2008-11-14 06:40:42 | 00,561,688 | ---- | C] (Microsoft Corporation) wudriver.dll -> %SystemRoot%\System32\wudriver.dll -> [2008-11-14 06:40:42 | 00,083,456 | ---- | C] (Microsoft Corporation) wuwebv.dll -> %SystemRoot%\System32\wuwebv.dll -> [2008-11-14 06:40:41 | 00,162,064 | ---- | C] (Microsoft Corporation) wuapp.exe -> %SystemRoot%\System32\wuapp.exe -> [2008-11-14 06:40:41 | 00,031,232 | ---- | C] (Microsoft Corporation) World of Warcraft -> %SystemDrive%\World of Warcraft -> [2008-11-13 07:14:55 | 00,000,000 | ---D | C] mrxsmb10.sys -> %SystemRoot%\System32\drivers\mrxsmb10.sys -> [2008-11-12 18:49:42 | 00,212,480 | ---- | C] (Microsoft Corporation) msxml3.dll -> %SystemRoot%\System32\msxml3.dll -> [2008-11-12 18:49:29 | 01,191,936 | ---- | C] (Microsoft Corporation) msxml6.dll -> %SystemRoot%\System32\msxml6.dll -> 
[2008-11-12 18:49:19 | 01,334,272 | ---- | C] (Microsoft Corporation) World of Warcraft.lnk -> %SystemDrive%\Users\Public\Desktop\World of Warcraft.lnk -> [2008-11-08 17:38:18 | 00,000,749 | ---- | C] () Blizzard -> %AllUsersProfile%\Blizzard -> [2008-11-08 17:38:12 | 00,000,000 | ---D | C] jagex_runescape_preferences.dat -> %UserProfile%\jagex_runescape_preferences.dat -> [2008-11-01 07:43:18 | 00,000,030 | ---- | C] () EncDec.dll -> %SystemRoot%\System32\EncDec.dll -> [2008-10-31 14:22:00 | 00,428,544 | ---- | C] (Microsoft Corporation) psisrndr.ax -> %SystemRoot%\System32\psisrndr.ax -> [2008-10-31 14:22:00 | 00,217,088 | ---- | C] (Microsoft Corporation) psisdecd.dll -> %SystemRoot%\System32\psisdecd.dll -> [2008-10-31 14:21:59 | 00,293,376 | ---- | C] (Microsoft Corporation) mpg2splt.ax -> %SystemRoot%\System32\mpg2splt.ax -> [2008-10-31 14:21:59 | 00,177,664 | ---- | C] (Microsoft Corporation) MSNP.ax -> %SystemRoot%\System32\MSNP.ax -> [2008-10-31 14:21:59 | 00,080,896 | ---- | C] (Microsoft Corporation) Faultrep.dll -> %SystemRoot%\System32\Faultrep.dll -> [2008-10-29 06:53:21 | 00,147,456 | ---- | C] (Microsoft Corporation) wersvc.dll -> %SystemRoot%\System32\wersvc.dll -> [2008-10-29 06:53:21 | 00,125,952 | ---- | C] (Microsoft Corporation) win32spl.dll -> %SystemRoot%\System32\win32spl.dll -> [2008-10-29 06:53:13 | 00,443,392 | ---- | C] (Microsoft Corporation) netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008-10-23 21:47:02 | 00,466,944 | ---- | C] (Microsoft Corporation) win32k.sys -> %SystemRoot%\System32\win32k.sys -> [2008-10-15 21:42:18 | 02,032,640 | ---- | C] (Microsoft Corporation) srv.sys -> %SystemRoot%\System32\drivers\srv.sys -> [2008-10-15 21:42:09 | 00,288,768 | ---- | C] (Microsoft Corporation) ntkrnlpa.exe -> %SystemRoot%\System32\ntkrnlpa.exe -> [2008-10-15 21:42:01 | 03,601,464 | ---- | C] (Microsoft Corporation) ntoskrnl.exe -> %SystemRoot%\System32\ntoskrnl.exe -> [2008-10-15 21:42:01 | 03,549,240 | ---- | C] (Microsoft 
Corporation) mshtml.tlb -> %SystemRoot%\System32\mshtml.tlb -> [2008-10-15 21:41:48 | 01,383,424 | ---- | C] (Microsoft Corporation) tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2008-10-11 11:03:43 | 00,102,664 | ---- | C] (Trend Micro Inc.) .housecall6.6 -> %UserProfile%\.housecall6.6 -> [2008-10-11 11:02:27 | 00,000,000 | ---D | C] Sun -> %SystemRoot%\Sun -> [2008-10-11 11:02:05 | 00,000,000 | ---D | C] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2008-10-10 19:42:17 | 00,001,057 | ---- | C] () Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2008-10-10 19:42:12 | 00,000,000 | ---D | C] Spybot - Search & Destroy -> %AllUsersProfile%\Spybot - Search & Destroy -> [2008-10-10 19:42:12 | 00,000,000 | ---D | C] Leadertech -> %AppData%\Leadertech -> [2008-10-01 17:43:31 | 00,000,000 | ---D | C] Disney Interactive -> %ProgramFiles%\Disney Interactive -> [2008-10-01 17:42:57 | 00,000,000 | ---D | C] disney.ini -> %SystemRoot%\disney.ini -> [2008-10-01 17:42:30 | 00,003,604 | ---- | C] () msxml4.dll -> %SystemRoot%\System32\msxml4.dll -> [2008-09-30 16:43:34 | 01,286,152 | ---- | C] (Microsoft Corporation) [Files/Folders - Modified Within 90 Days] 3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2008-12-27 10:25:40 | 04,718,592 | -HS- | M] () User_Feed_Synchronization-{5ABF9491-355D-425D-982E-507CAA06DBC9}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{5ABF9491-355D-425D-982E-507CAA06DBC9}.job -> [2008-12-27 10:25:13 | 00,000,416 | -H-- | M] () PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008-12-27 09:35:08 | 00,771,162 | ---- | M] () perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008-12-27 09:35:08 | 00,654,082 | ---- | M] () perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008-12-27 09:35:08 | 00,120,958 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008-12-27 09:30:42 | 00,000,006 | -H-- | 
M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2008-12-27 09:30:41 | 00,005,552 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2008-12-27 09:30:41 | 00,005,552 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008-12-27 09:30:37 | 00,067,584 | --S- | M] () NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> %UserProfile%\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> [2008-12-26 08:58:47 | 00,524,288 | -HS- | M] () NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> %UserProfile%\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> [2008-12-26 08:58:47 | 00,065,536 | -HS- | M] () IconCache.db -> %UserProfile%\AppData\Local\IconCache.db -> [2008-12-26 08:58:44 | 01,330,258 | -H-- | M] () PublishedRacMonAFLTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2008-12-25 08:42:13 | 00,744,924 | ---- | M] () PublishedRacMonSWITable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2008-12-25 08:42:13 | 00,059,924 | ---- | M] () PublishedRacMonOSFTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2008-12-25 08:42:13 | 00,015,180 | ---- | M] () PublishedRacMonIndex.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2008-12-25 08:42:13 | 00,003,720 | ---- | M] () PublishedRacMonCLKTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2008-12-25 08:42:13 | 00,000,048 | ---- | M] () PublishedRacMonHFLTable.DAT -> %AllUsersProfile%\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT 
-> [2008-12-25 08:42:13 | 00,000,000 | ---- | M] () LuUninstall.LiveUpdate -> %AllUsersProfile%\LuUninstall.LiveUpdate -> [2008-12-22 21:37:16 | 00,131,522 | ---- | M] () MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [2008-12-22 21:22:35 | 28,239,8805 | ---- | M] () PSLOG -> %SystemRoot%\System32\PSLOG -> [2008-12-22 21:22:11 | 00,000,202 | ---- | M] () system.ini -> %SystemRoot%\system.ini -> [2008-12-22 21:15:27 | 00,000,215 | ---- | M] () PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> [2008-12-22 21:15:25 | 00,053,248 | ---- | M] (Sysinternals) CF349.exe -> %SystemRoot%\System32\CF349.exe -> [2008-12-22 21:13:20 | 00,318,976 | ---- | M] (Microsoft Corporation) ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2008-12-22 20:02:56 | 02,885,687 | R--- | M] () SUPERAntiSpyware Free Edition.lnk -> %UserProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2008-12-21 21:25:04 | 00,000,904 | ---- | M] () HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008-12-21 09:08:57 | 00,001,876 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> %SystemDrive%\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008-12-20 20:51:25 | 00,000,820 | ---- | M] () ERUNT AutoBackup.lnk -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2008-12-20 20:49:38 | 00,000,915 | ---- | M] () NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2008-12-20 20:49:22 | 00,000,735 | ---- | M] () ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2008-12-20 20:49:22 | 00,000,716 | ---- | M] () desktop.ini -> %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -> [2008-12-20 20:49:21 | 00,000,174 | -HS- | M] () config.nt -> %SystemRoot%\System32\config.nt -> [2008-12-20 19:30:20 | 00,002,577 | ---- | M] () avast! Antivirus.lnk -> %SystemDrive%\Users\Public\Desktop\avast! 
Antivirus.lnk -> [2008-12-20 19:30:20 | 00,001,851 | ---- | M] () qmgr1.dat -> %AllUsersProfile%\Microsoft\Network\Downloader\qmgr1.dat -> [2008-12-20 18:46:54 | 04,194,304 | ---- | M] () qmgr0.dat -> %AllUsersProfile%\Microsoft\Network\Downloader\qmgr0.dat -> [2008-12-20 18:46:54 | 04,194,304 | ---- | M] () ntuser.pol -> %UserProfile%\ntuser.pol -> [2008-12-20 12:55:08 | 00,000,632 | RHS- | M] () ntuser.pol -> %AllUsersProfile%\ntuser.pol -> [2008-12-18 21:47:14 | 00,000,258 | RHS- | M] () Norton Security Scan.lnk -> %SystemDrive%\Users\Public\Desktop\Norton Security Scan.lnk -> [2008-12-18 21:39:53 | 00,002,279 | ---- | M] () mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008-12-11 23:52:52 | 03,578,880 | ---- | M] (Microsoft Corporation) NIS09EN.exe -> %UserProfile%\Desktop\NIS09EN.exe -> [2008-12-07 16:07:48 | 64,504,152 | ---- | M] (Symantec Corporation) mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008-12-03 19:58:36 | 00,038,496 | ---- | M] (Malwarebytes Corporation) mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008-12-03 19:58:32 | 00,015,504 | ---- | M] (Malwarebytes Corporation) mrt.exe -> %SystemRoot%\System32\mrt.exe -> [2008-12-02 15:26:30 | 17,593,280 | ---- | M] (Microsoft Corporation) Microbiology_Final.doc -> %UserProfile%\Documents\Microbiology_Final.doc -> [2008-12-02 08:19:28 | 00,104,448 | ---- | M] () hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008-11-30 10:29:16 | 00,266,075 | R--- | M] () config.bin -> %UserProfile%\Documents\config.bin -> [2008-11-30 10:17:30 | 00,027,384 | ---- | M] () aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> [2008-11-26 11:21:30 | 01,236,208 | ---- | M] (ALWIL Software) aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008-11-26 11:17:36 | 00,111,184 | ---- | M] (ALWIL Software) aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> [2008-11-26 11:17:25 | 00,020,560 | ---- | M] (ALWIL Software) aswMonFlt.sys -> 
%SystemRoot%\System32\drivers\aswMonFlt.sys -> [2008-11-26 11:17:15 | 00,051,792 | ---- | M] (ALWIL Software) aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008-11-26 11:16:38 | 00,050,864 | ---- | M] (ALWIL Software) aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008-11-26 11:16:29 | 00,023,152 | ---- | M] (ALWIL Software) AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> [2008-11-26 11:15:10 | 00,097,480 | ---- | M] (ALWIL Software) World of Warcraft.lnk -> %SystemDrive%\Users\Public\Desktop\World of Warcraft.lnk -> [2008-11-13 00:41:46 | 00,000,749 | ---- | M] () shell32.dll -> %SystemRoot%\System32\shell32.dll -> [2008-11-06 07:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation) jagex_runescape_preferences.dat -> %UserProfile%\jagex_runescape_preferences.dat -> [2008-11-01 07:43:36 | 00,000,030 | ---- | M] () Apphlpdm.dll -> %SystemRoot%\System32\Apphlpdm.dll -> [2008-10-31 21:44:34 | 00,028,672 | ---- | M] (Microsoft Corporation) GameUXLegacyGDFs.dll -> %SystemRoot%\System32\GameUXLegacyGDFs.dll -> [2008-10-31 19:21:40 | 04,240,384 | ---- | M] (Microsoft) explorer.exe -> %SystemRoot%\explorer.exe -> [2008-10-29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) PortableDeviceApi.dll -> %SystemRoot%\System32\PortableDeviceApi.dll -> [2008-10-21 21:57:30 | 00,241,152 | ---- | M] (Microsoft Corporation) tzres.dll -> %SystemRoot%\System32\tzres.dll -> [2008-10-21 19:22:11 | 00,002,048 | ---- | M] (Microsoft Corporation) gdi32.dll -> %SystemRoot%\System32\gdi32.dll -> [2008-10-20 23:25:18 | 00,296,960 | ---- | M] (Microsoft Corporation) connect.dll -> %SystemRoot%\System32\connect.dll -> [2008-10-20 23:25:17 | 01,645,568 | ---- | M] (Microsoft Corporation) wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll -> [2008-10-16 15:13:38 | 01,809,944 | ---- | M] (Microsoft Corporation) wuapi.dll -> %SystemRoot%\System32\wuapi.dll -> [2008-10-16 15:12:19 | 00,561,688 | ---- | M] (Microsoft Corporation) wuauclt.exe -> 
%SystemRoot%\System32\wuauclt.exe -> [2008-10-16 15:09:43 | 00,051,224 | ---- | M] (Microsoft Corporation) wups2.dll -> %SystemRoot%\System32\wups2.dll -> [2008-10-16 15:09:43 | 00,043,544 | ---- | M] (Microsoft Corporation) wups.dll -> %SystemRoot%\System32\wups.dll -> [2008-10-16 15:08:57 | 00,034,328 | ---- | M] (Microsoft Corporation) wucltux.dll -> %SystemRoot%\System32\wucltux.dll -> [2008-10-16 14:56:28 | 01,524,736 | ---- | M] (Microsoft Corporation) wudriver.dll -> %SystemRoot%\System32\wudriver.dll -> [2008-10-16 14:55:59 | 00,083,456 | ---- | M] (Microsoft Corporation) wuwebv.dll -> %SystemRoot%\System32\wuwebv.dll -> [2008-10-16 14:08:00 | 00,162,064 | ---- | M] (Microsoft Corporation) wuapp.exe -> %SystemRoot%\System32\wuapp.exe -> [2008-10-16 13:56:04 | 00,031,232 | ---- | M] (Microsoft Corporation) FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008-10-16 02:09:21 | 00,281,592 | ---- | M] () wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2008-10-15 22:47:35 | 00,827,392 | ---- | M] (Microsoft Corporation) urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2008-10-15 22:47:34 | 01,166,336 | ---- | M] (Microsoft Corporation) netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008-10-15 22:47:33 | 00,466,944 | ---- | M] (Microsoft Corporation) mstime.dll -> %SystemRoot%\System32\mstime.dll -> [2008-10-15 22:47:32 | 00,671,232 | ---- | M] (Microsoft Corporation) jsproxy.dll -> %SystemRoot%\System32\jsproxy.dll -> [2008-10-15 22:47:30 | 00,028,160 | ---- | M] (Microsoft Corporation) ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2008-10-15 22:47:29 | 06,068,736 | ---- | M] (Microsoft Corporation) iertutil.dll -> %SystemRoot%\System32\iertutil.dll -> [2008-10-15 22:47:29 | 00,270,336 | ---- | M] (Microsoft Corporation) hosts.20081130-102916.backup -> %SystemRoot%\System32\drivers\etc\hosts.20081130-102916.backup -> [2008-10-11 15:38:00 | 00,263,303 | ---- | M] () tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> [2008-10-11 
11:02:43 | 00,102,664 | ---- | M] (Trend Micro Inc.) hosts.bak -> %SystemRoot%\System32\drivers\etc\hosts.bak -> [2008-10-10 19:44:55 | 00,266,075 | R--- | M] () Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2008-10-10 19:42:17 | 00,001,057 | ---- | M] () mshtml.tlb -> %SystemRoot%\System32\mshtml.tlb -> [2008-10-01 19:32:38 | 01,383,424 | ---- | M] (Microsoft Corporation) disney.ini -> %SystemRoot%\disney.ini -> [2008-10-01 17:47:06 | 00,003,604 | ---- | M] () msxml4.dll -> %SystemRoot%\System32\msxml4.dll -> [2008-09-30 16:43:34 | 01,286,152 | ---- | M] (Microsoft Corporation) KIDS.dat -> %AllUsersProfile%\Microsoft\User Account Pictures\KIDS.dat -> [2008-09-13 12:26:45 | 00,000,000 | ---- | M] () wklntsk1.dat -> %AllUsersProfile%\Microsoft\Works\wklntsk1.dat -> [2008-08-25 13:10:53 | 00,155,262 | ---- | M] () wkcalcat.dat -> %AllUsersProfile%\Microsoft\Works\wkcalcat.dat -> [2008-08-25 13:03:16 | 00,016,384 | ---- | M] () ADMIN.dat -> %AllUsersProfile%\Microsoft\User Account Pictures\ADMIN.dat -> [2007-12-07 19:22:28 | 00,000,000 | ---- | M] () [File - Lop Check] C:\Windows\Tasks\ -> C:\Windows\Tasks -> [2008-12-20 18:22:39 | 00,000,000 | ---D | M] SA.DAT -> C:\Windows\Tasks\SA.DAT -> [2008-12-27 09:30:42 | 00,000,006 | -H-- | M] () SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU -> [2008-12-26 16:31:39 | 00,032,654 | ---- | M] () User_Feed_Synchronization-{5ABF9491-355D-425D-982E-507CAA06DBC9}.job -> C:\Windows\Tasks\User_Feed_Synchronization-{5ABF9491-355D-425D-982E-507CAA06DBC9} -> [2008-12-27 10:25:13 | 00,000,416 | -H-- | M] () [File - Purity Scan] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... 
C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh 5384 bytes C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 2 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. C:\ProgramData\TEMP:002A177A 123 bytes C:\ProgramData\TEMP:03777453 129 bytes C:\ProgramData\TEMP:07F32517 101 bytes C:\ProgramData\TEMP:0A03CEDC 124 bytes C:\ProgramData\TEMP:0E799D7F 118 bytes C:\ProgramData\TEMP:0EC44AEB 134 bytes C:\ProgramData\TEMP:2E99787D 126 bytes C:\ProgramData\TEMP:3D69B4B5 124 bytes C:\ProgramData\TEMP:3DB0B938 124 bytes C:\ProgramData\TEMP:40520FC3 114 bytes C:\ProgramData\TEMP:45F31C4F 129 bytes C:\ProgramData\TEMP:48D45EF0 114 bytes C:\ProgramData\TEMP:56DA0F9E 118 bytes C:\ProgramData\TEMP:5A823589 112 bytes C:\ProgramData\TEMP:5C68FD2C 118 bytes C:\ProgramData\TEMP:5DAABF18 125 bytes C:\ProgramData\TEMP:6AB7FCDF 112 bytes C:\ProgramData\TEMP:6C58385A 121 bytes C:\ProgramData\TEMP:72211901 122 bytes C:\ProgramData\TEMP:771E6DA1 121 bytes C:\ProgramData\TEMP:7877A7F7 132 bytes C:\ProgramData\TEMP:7F8DF0C6 144 bytes C:\ProgramData\TEMP:8BE2CBE9 130 bytes C:\ProgramData\TEMP:8DE807EE 120 bytes C:\ProgramData\TEMP:8FC9A41B 153 bytes C:\ProgramData\TEMP:928218FA 124 bytes C:\ProgramData\TEMP:96F4AB89 119 bytes C:\ProgramData\TEMP:98F0614F 113 bytes C:\ProgramData\TEMP:9AB56A06 117 bytes C:\ProgramData\TEMP:A988B257 140 bytes C:\ProgramData\TEMP:B0A3DB99 120 bytes C:\ProgramData\TEMP:BDBBA690 124 bytes C:\ProgramData\TEMP:C4532973 119 bytes C:\ProgramData\TEMP:CBCF563D 136 bytes C:\ProgramData\TEMP:D0030B7B 124 bytes C:\ProgramData\TEMP:D3BEF2E1 124 bytes 
C:\ProgramData\TEMP:D455373F 132 bytes C:\ProgramData\TEMP:D5ED3FFD 106 bytes C:\ProgramData\TEMP:E0AF4473 106 bytes C:\ProgramData\TEMP:E5D28A2A 105 bytes C:\ProgramData\TEMP:E5EADA0D 116 bytes C:\ProgramData\TEMP:E837C81C 119 bytes C:\ProgramData\TEMP:F061428B 116 bytes C:\ProgramData\TEMP:F0D5155A 107 bytes C:\ProgramData\TEMP:F3D40992 123 bytes C:\ProgramData\TEMP:F3F95A98 142 bytes C:\ProgramData\TEMP:FA7FE636 108 bytes C:\ProgramData\TEMP:FEA16326 120 bytes scan completed successfully hidden files: 51 < End of report > [/code]