Antivirus 2009 [Solved]


  • This topic is locked

#61
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Ok Cdn_Red,

Here is the plan of attack.

I need you to delete the copy of ComboFix that you have and then re-download it. Don't run it just yet though; we will run AVZ in between the re-download and the running.

1) ComboFix - part 1

Download Combofix from any of the links below and save it to your desktop. You must rename it to winlogon.exe before saving it.

Link 1
Link 2

Do not run it just yet

2) AVZ

  • Close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program

    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('C:\Windows\system32\drivers\gnklknt.sys','');
     StopService('hftrnn');
     SetServiceStart('hftrnn', 4);
     QuarantineFile('C:\Windows\System32\Drivers\spml.sys','');
     TerminateProcessByName('c:\windows\system32\svchost.exe');
     QuarantineFile('\\?\globalroot\systemroot\system32\UACgbrxtpotauhqvobag.dll','');
     DeleteFile('\\?\globalroot\systemroot\system32\UACgbrxtpotauhqvobag.dll');
     BC_DeleteFile('\\?\globalroot\systemroot\system32\UACgbrxtpotauhqvobag.dll');
     DeleteFile('C:\Windows\System32\Drivers\spml.sys');
     BC_DeleteFile('C:\Windows\System32\Drivers\spml.sys');
     BC_DeleteFile('C:\Windows\system32\drivers\gnklknt.sys');
    BC_ImportDeletedList;
    ExecuteSysClean;
    ExecuteRepair(1);
    BC_Activate;
    RebootWindows(true);
    end.

  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically

3) ComboFix - part 2

Double click on winlogon.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt log so we can continue cleaning the system.

  • 0


#62
Cdn_Red

Cdn_Red

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I followed the steps here but I still can't open the ComboFix log.
  • 0

#63
Cdn_Red

Cdn_Red

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Update:

Miraculously, the next time I rebooted, the computer rebooted in normal mode. It has since rebooted a few times - all normally. It also installed the Windows updates it was supposed to and still booted normally. Because I could now disable the antivirus, I ran ComboFix again. It proceeded fine, did not warn me about my antivirus and did not detect any rootkit activity. It ran a bunch of steps then showed a number of winlogon\filename then said "The batch file could not be found" and stalled completely. I could not get a screenshot as Windows Explorer had not yet rebooted. I could CTRL-ALT-DEL and end task and I could reboot that way as well.

ComboFix still produced a log but again, it tells me that access is denied.
  • 0

#64
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi Cdn_Red,

That's great about being able to get into normal mode; AVZ obviously managed to kill some of the files.

Let's see if it will find anything else while in normal mode. We will also see if an anti-rootkit scan will work now.

1) AVZ

Using the file you downloaded run AVZ again,

  • Double click on kill.pif to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window.
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Analysis" check box.
  • Click on "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

2) RootRepeal

Download RootRepeal from one of the following locations:
Unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

In your reply I would like to see,

1) Both AVZ logs attached
2) RootRepeal log

  • 0

#65
Cdn_Red

Cdn_Red

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Here are my AVZ logs.
Attached File  virusinfo_syscheck.zip   22.56KB   93 downloads
Attached File  virusinfo_syscure.zip   20.71KB   103 downloads

When I click the Scan button in RootRepeal, I don't get a dialogue box where I can select different things. I only get the following screenshot:
Capture.JPG
  • 0

#66
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

  • Click on the Report tab at the bottom of the program window
  • Click the Scan button

Is it in there?
  • 0

#67
Cdn_Red

Cdn_Red

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Bingo.

Here is the report:
Attached File  RootRepeal.txt   86.47KB   134 downloads

I attached the two AVZ logs to my last post.
  • 0

#68
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi Cdn_Red,

Things are looking better. Looking over rootrepeal now. :)

1) AVZ

  • Close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program

    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
     QuarantineFile('wscsvc.sys','');
     SetServiceStart('wscsvc', 4);
     StopService('wscsvc');
     QuarantineFile('C:\Windows\System32\Drivers\spwv.sys','');
     BC_DeleteFile('C:\Windows\System32\Drivers\spwv.sys');
     BC_DeleteFile('wscsvc.sys');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.

  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically, and post back with a new OTL log.

2) Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3) Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your reply I would like to see copied and pasted,

1) OTL log
2) Malwarebytes log
3) Security check

  • 0

#69
Cdn_Red

Cdn_Red

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Here are my three logs:
1. OTL Log:
OTL logfile created on: 09/08/2009 12:56:29 PM - Run 4
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\robert\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.47% Memory free
4.00 Gb Paging File | 3.34 Gb Available in Paging File | 83.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.70 Gb Total Space | 84.08 Gb Free Space | 60.62% Space Free | Partition Type: NTFS
Drive D: | 10.35 Gb Total Space | 4.40 Gb Free Space | 42.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERT-PC
Current User Name: robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Users\robert\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AgereModemAudio [Disabled | Stopped]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [On_Demand | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [On_Demand | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (GameConsoleService [Disabled | Stopped]) -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (GoogleDesktopManager-061008-081103 [Disabled | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IAANTMON [Disabled | Stopped]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SfCtlCom [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (TMBMServer [Auto | Running]) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmPfw [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (TmProxy [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (bcm4sbxp [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (fssfltr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw2v32.sys (Intel® Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation)
DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\System32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tmactmon [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmactmon.sys (Trend Micro Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\Windows\System32\DRIVERS\tmcomm.sys (Trend Micro Inc.)
DRV - (tmevtmgr [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmlwf [System | Running]) -- C:\Windows\System32\DRIVERS\tmlwf.sys (Trend Micro Inc.)
DRV - (tmpreflt [Auto | Running]) -- C:\Windows\System32\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Running]) -- C:\Windows\System32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (tmwfp [Auto | Running]) -- C:\Windows\System32\DRIVERS\tmwfp.sys (Trend Micro Inc.)
DRV - (tmxpflt [Auto | Running]) -- C:\Windows\System32\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (UVCFTR [On_Demand | Running]) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsapint [Auto | Running]) -- C:\Windows\System32\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...B&M=T-6816H
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...B&M=T-6816H
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn...aspx?lang=en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://sympatico.msn...en-CA&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 F4 48 15 0A 00 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 03:01:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 20:35:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 20:35:09 | 00,000,000 | ---D | M]

[2008/09/03 17:45:32 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Extensions
[2008/09/03 17:45:32 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/08 15:51:18 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions
[2009/06/25 16:42:31 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/08 00:34:35 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/03/31 09:27:07 | 00,001,632 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\FireFox\Profiles\qg0bydd0.default\searchplugins\live-search.xml
[2008/05/25 08:58:02 | 00,002,386 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\FireFox\Profiles\qg0bydd0.default\searchplugins\siteadvisor.xml
[2007/09/05 22:49:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 20:35:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/03 17:45:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/08/04 20:35:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 20:35:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/25 10:24:11 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/01/04 17:57:08 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/01/07 19:14:26 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/02/05 00:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/08/04 20:35:08 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/03/29 13:25:40 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/03/29 13:25:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/29 13:25:40 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/03/29 13:25:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/29 13:25:40 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/03/29 13:25:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/25 10:24:11 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/07/25 10:24:11 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2009/03/29 13:25:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/29 13:25:40 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/08 16:06:19 | 00,099,364 | ---- | C] () -- C:\Users\robert\Desktop\Capture.JPG
[2009/08/08 16:03:57 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\RootRepeal
[2009/08/08 16:03:40 | 00,462,996 | ---- | C] () -- C:\Users\robert\Desktop\RootRepeal.zip
[2009/08/06 21:28:32 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF31044.exe
[2009/08/06 21:28:32 | 00,000,000 | --SD | C] -- C:\winlogon
[2009/08/06 20:48:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\Service
[2009/08/06 20:28:18 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF19072.exe
[2009/08/06 20:09:30 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF15552.exe
[2009/08/06 20:08:41 | 01,220,120 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\vsapint.sys
[2009/08/06 20:08:41 | 00,225,296 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmxpflt.sys
[2009/08/06 20:08:41 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmpreflt.sys
[2009/08/06 19:48:43 | 03,252,153 | -H-- | C] () -- C:\Users\robert\AppData\Local\IconCache.db
[2009/08/06 19:48:40 | 00,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro Internet Security.lnk
[2009/08/06 19:45:41 | 00,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\Trend Micro
[2009/08/06 19:42:48 | 00,256,528 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys
[2009/08/06 19:42:48 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2009/08/06 19:42:48 | 00,145,424 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys
[2009/08/06 19:42:48 | 00,080,400 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2009/08/06 19:42:48 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2009/08/06 19:42:48 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2009/08/06 19:41:22 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/08/06 19:41:22 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/08/06 19:41:22 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/08/06 19:41:22 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/08/06 19:40:52 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/08/06 19:40:51 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/08/06 19:40:49 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/08/06 19:40:49 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/08/06 19:40:49 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/08/06 19:40:48 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/08/06 19:40:48 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/08/06 19:40:48 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/08/06 19:40:48 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/08/06 19:40:48 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/08/06 19:40:47 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/08/06 19:40:47 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/08/06 19:40:47 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/08/06 19:40:47 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/08/06 19:40:47 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/08/06 19:40:47 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/08/06 19:40:47 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/06 19:40:47 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/08/06 19:40:47 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/08/06 19:40:47 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/08/06 19:40:47 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/08/06 19:33:32 | 00,000,000 | ---- | C] () -- C:\Users\robert\Desktop\TrendMicro_TIS_17.10_en-US_32-bit.exe
[2009/08/06 19:30:21 | 00,000,394 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{5FBBB694-C5BA-4A98-B637-1BB8E2BB85B1}.job
[2009/08/06 19:26:25 | 21,374,48448 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/06 19:09:59 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF3815.exe
[2009/08/06 19:02:21 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\Backup
[2009/08/06 19:02:18 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\Quarantine
[2009/08/06 19:00:24 | 03,155,573 | R--- | C] () -- C:\Users\robert\Desktop\winlogon.exe
[2009/08/04 20:04:47 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\LOG
[2009/08/04 20:03:10 | 05,350,912 | ---- | C] () -- C:\Users\robert\Desktop\Kill.pif
[2009/08/03 18:13:21 | 73,290,9568 | ---- | C] () -- C:\Users\robert\Desktop\ubuntu-9.04-desktop-i386.iso
[2009/08/03 18:06:57 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\IceSword122en
[2009/08/03 18:06:13 | 02,205,157 | ---- | C] () -- C:\Users\robert\Desktop\IceSword122en.zip
[2009/08/02 16:05:06 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF18589.exe
[2009/07/30 18:00:17 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF13981.exe
[2009/07/29 20:17:13 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF20796.exe
[2009/07/29 19:56:36 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/07/29 19:56:35 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF16665.exe
[2009/07/29 17:40:32 | 00,219,648 | ---- | C] () -- C:\Windows\PEV.exe
[2009/07/29 17:40:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/07/29 17:40:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/07/29 17:40:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/07/29 17:40:32 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/07/29 17:40:32 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/07/29 17:40:32 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/07/29 17:40:32 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/07/29 17:40:24 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF22916.exe
[2009/07/29 17:40:24 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2009/07/27 21:15:15 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF24940.exe
[2009/07/27 21:09:01 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF23735.exe
[2009/07/25 16:53:21 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF31873.exe
[2009/07/24 01:07:05 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF23177.exe
[2009/07/23 23:42:03 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF3087.exe
[2009/07/22 21:23:10 | 00,000,859 | ---- | C] () -- C:\Users\robert\Desktop\Active@ ISO Burner.lnk
[2009/07/22 21:16:29 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/07/22 21:16:25 | 00,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2009/07/21 18:20:50 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF1884.exe
[2009/07/20 17:40:00 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/07/19 20:48:03 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\Program setups
[2009/07/19 20:46:17 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\Physics
[2009/07/19 20:45:28 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\LOGS
[2009/07/19 20:39:51 | 00,000,506 | ---- | C] () -- C:\Users\robert\Desktop\gmer.lnk
[2009/07/19 14:04:31 | 00,000,816 | ---- | C] () -- C:\Users\robert\Desktop\BitZipper.lnk
[2009/07/19 14:04:31 | 00,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\BitZipper
[2009/07/19 14:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\BitZipper
[2009/07/19 14:00:12 | 00,000,000 | ---D | C] -- C:\ProgramData\WinZipSE
[2009/07/19 14:00:11 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip Self-Extractor
[2009/07/19 13:47:01 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF6488.exe
[2009/07/19 11:23:18 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF11130.exe
[2009/07/19 11:20:06 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF10043.exe
[2009/07/18 21:11:52 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF7910.exe
[2009/07/18 21:10:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/18 14:45:59 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/07/17 20:23:33 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF11453.exe
[2009/07/17 20:12:21 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF8972.exe
[2009/07/15 08:55:37 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/15 08:51:10 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2009/07/10 22:00:19 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/10 22:00:13 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/10 22:00:12 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/10 22:00:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/10 22:00:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/01/04 17:58:50 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/01/04 17:56:24 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/02 17:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/22 18:54:34 | 00,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2007/09/16 23:27:16 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/06/04 08:53:17 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/06/04 08:53:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/06/04 08:48:56 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,359 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/09 12:53:17 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/09 12:53:17 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/09 12:53:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/09 12:53:09 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/09 12:53:07 | 21,374,48448 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/09 12:48:57 | 00,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5FBBB694-C5BA-4A98-B637-1BB8E2BB85B1}.job
[2009/08/08 22:47:04 | 03,252,153 | -H-- | M] () -- C:\Users\robert\AppData\Local\IconCache.db
[2009/08/08 16:06:21 | 00,099,364 | ---- | M] () -- C:\Users\robert\Desktop\Capture.JPG
[2009/08/08 16:03:41 | 00,462,996 | ---- | M] () -- C:\Users\robert\Desktop\RootRepeal.zip
[2009/08/06 21:28:26 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF31044.exe
[2009/08/06 20:57:23 | 00,379,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/06 20:31:01 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/06 20:31:01 | 00,601,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/06 20:31:01 | 00,105,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/06 20:27:20 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF19072.exe
[2009/08/06 20:09:20 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF15552.exe
[2009/08/06 19:48:40 | 00,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro Internet Security.lnk
[2009/08/06 19:42:48 | 00,256,528 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys
[2009/08/06 19:42:48 | 00,145,424 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys
[2009/08/06 19:42:48 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2009/08/06 19:33:32 | 00,000,000 | ---- | M] () -- C:\Users\robert\Desktop\TrendMicro_TIS_17.10_en-US_32-bit.exe
[2009/08/06 19:09:28 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF3815.exe
[2009/08/06 19:00:24 | 03,155,573 | R--- | M] () -- C:\Users\robert\Desktop\winlogon.exe
[2009/08/04 20:03:28 | 05,350,912 | ---- | M] () -- C:\Users\robert\Desktop\Kill.pif
[2009/08/03 18:26:30 | 73,290,9568 | ---- | M] () -- C:\Users\robert\Desktop\ubuntu-9.04-desktop-i386.iso
[2009/08/03 18:06:14 | 02,205,157 | ---- | M] () -- C:\Users\robert\Desktop\IceSword122en.zip
[2009/08/02 16:04:15 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF18589.exe
[2009/08/02 16:00:59 | 21,789,7249 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/07/30 17:59:45 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF13981.exe
[2009/07/29 20:16:37 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF20796.exe
[2009/07/29 19:55:32 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF16665.exe
[2009/07/29 17:40:10 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF22916.exe
[2009/07/27 21:14:42 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF24940.exe
[2009/07/27 21:08:33 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF23735.exe
[2009/07/25 16:52:32 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF31873.exe
[2009/07/24 01:06:48 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF23177.exe
[2009/07/23 23:24:16 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF3087.exe
[2009/07/22 21:23:10 | 00,000,859 | ---- | M] () -- C:\Users\robert\Desktop\Active@ ISO Burner.lnk
[2009/07/22 21:16:29 | 00,717,296 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/07/21 18:20:35 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF1884.exe
[2009/07/21 17:52:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/21 17:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/21 17:50:46 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/21 17:48:31 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/21 17:48:27 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/21 17:48:27 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/21 17:47:47 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/21 17:47:41 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/21 17:47:28 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/21 17:47:28 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/21 17:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/21 17:47:27 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/21 17:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/21 17:47:26 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/21 17:47:26 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/21 17:47:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/21 16:13:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/21 16:13:51 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/21 16:13:15 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/21 16:12:49 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/21 14:31:43 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2009/07/19 20:40:06 | 00,000,506 | ---- | M] () -- C:\Users\robert\Desktop\gmer.lnk
[2009/07/19 14:04:31 | 00,000,816 | ---- | M] () -- C:\Users\robert\Desktop\BitZipper.lnk
[2009/07/19 13:46:32 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF6488.exe
[2009/07/19 11:22:59 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF11130.exe
[2009/07/19 11:17:26 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF10043.exe
[2009/07/18 21:10:21 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF7910.exe
[2009/07/17 20:23:17 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF11453.exe
[2009/07/17 20:10:37 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF8972.exe
[2009/07/15 09:18:42 | 00,001,356 | ---- | M] () -- C:\Users\robert\AppData\Local\d3d9caps.dat
[2009/07/15 08:51:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\Windows\PEV.exe
[2009/07/10 22:00:19 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
< End of report >

2. Malwarebytes log:
Malwarebytes' Anti-Malware 1.40
Database version: 2586
Windows 6.0.6001 Service Pack 1

09/08/2009 1:20:36 PM
mbam-log-2009-08-09 (13-20-36).txt

Scan type: Quick Scan
Objects scanned: 89419
Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV\Personal Antivirus.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\Users\robert\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

3. Security Check:
Results of screen317's Security Check version 0.98.7
Windows Vista Service Pack 1
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Trend Micro Internet Security
Trend Micro Internet Security


Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
Java™ SE Runtime Environment 6 Update 1
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent



``````````````````````````````
DNS Vulnerability Check:

GREAT! (Very random)

`````````End of Log```````````

#70
chamber

Hi Cdn_Red,

Things are looking better, how is the computer running now?

I think that ComboFix should be able to produce a log now so we'll give it a whirl.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new OTL log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


#71
Cdn_Red

We seem to be trucking along nicely!

Here is the ComboFix log (yay!)
ComboFix 09-08-10.01 - robert 10/08/2009 19:33.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2038.1122 [GMT -4:00]
Running from: c:\users\robert\Desktop\Combo-Fix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
C:\WinLogon


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 23:40 . 2009-08-10 23:44 -------- d-----w- c:\users\robert\AppData\Local\temp
2009-08-10 23:40 . 2009-08-10 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-10 23:40 . 2009-08-10 23:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-08-09 17:14 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 17:14 . 2009-08-09 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 17:14 . 2009-08-09 17:14 -------- d-----w- c:\programdata\Malwarebytes
2009-08-09 17:14 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 17:05 . 2009-08-09 17:05 -------- d-----w- c:\users\robert\AppData\Roaming\Malwarebytes
2009-08-07 00:48 . 2009-08-07 00:48 -------- d-----w- c:\windows\system32\Service
2009-08-07 00:08 . 2009-05-22 08:02 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-08-07 00:08 . 2009-05-22 08:00 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-08-07 00:08 . 2009-05-22 07:45 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-08-06 23:45 . 2009-08-06 23:45 -------- d-----w- c:\users\robert\AppData\Local\Trend Micro
2009-08-06 23:42 . 2009-08-06 23:42 80400 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-08-06 23:42 . 2009-08-06 23:42 256528 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2009-08-06 23:42 . 2009-08-06 23:42 145424 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2009-08-06 23:42 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-08-06 23:42 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-08-06 23:42 . 2009-04-02 23:08 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-06 23:41 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-08-06 23:41 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-06 23:41 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-06 23:41 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-23 01:16 . 2009-07-23 01:16 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-23 01:16 . 2009-07-23 01:16 -------- d-----w- c:\program files\LSoft Technologies
2009-07-19 18:04 . 2009-07-19 18:04 -------- d-----w- c:\users\robert\AppData\Roaming\BitZipper
2009-07-19 18:04 . 2009-07-19 18:04 -------- d-----w- c:\program files\BitZipper
2009-07-19 18:00 . 2009-07-19 18:00 -------- d-----w- c:\programdata\WinZipSE
2009-07-19 18:00 . 2009-07-19 18:00 -------- d-----w- c:\program files\WinZip Self-Extractor
2009-07-15 12:55 . 2009-07-15 12:55 -------- d-----w- C:\_OTL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 17:20 . 2009-06-29 14:34 -------- d-----w- c:\program files\Common Files\Uninstall
2009-08-07 00:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-07 00:56 . 2009-03-30 20:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-07 00:54 . 2007-06-04 12:37 -------- d-----w- c:\programdata\Microsoft Help
2009-08-07 00:06 . 2008-12-09 04:47 -------- d-----w- c:\programdata\Trend Micro
2009-08-06 23:53 . 2008-12-09 04:46 -------- d-----w- c:\program files\Trend Micro
2009-07-23 01:16 . 2007-06-04 12:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 21:52 . 2009-08-06 23:40 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-06 23:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-06 23:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-06 23:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 13:18 . 2009-04-06 20:41 1356 ----a-w- c:\users\robert\AppData\Local\d3d9caps.dat
2009-07-08 20:14 . 2009-07-08 03:30 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-06-02 13:43 . 2009-06-02 13:43 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 17:36 . 2009-05-29 17:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 17:36 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-07-25 14:24 . 2008-07-25 14:24 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-05-04 40072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{99A822D7-DE8A-41DA-91A5-916465268685}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8962B4F1-0EE6-4F77-9EE3-7FFEDD676374}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{50E56E3B-18F4-4C74-8EF0-8DC0DAF73423}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8A11A7ED-F232-4963-9776-3CC5BFE7217D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6104A977-41D2-4930-B4D5-9FBB5D7F253A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EEA9ADE1-7ACA-4A92-B0D9-870E2F595C8B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{185371F0-06D7-41A2-A39A-23620D28E1D1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{13E686B6-BF67-4E30-82BC-B671C2151C20}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{048C5779-E66D-424D-8282-AC479A3A9213}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EFECDE17-02A7-4987-8A0B-3FBE003E83E4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5E1125A2-66AE-4CF3-9038-D4512D5DD165}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D76C7B80-95D2-47F5-87AA-6A883BF622A3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{936FB7A6-DA34-4A9D-AFFF-C07A9CDC0ECF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BEFA4014-20FC-4A72-8BCB-09DCC3943290}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A25A7509-591A-418C-A871-732F7906E622}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{ECA0F2DA-E77C-4B86-B9A4-C9D13A21EEBA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8EF7B576-BFB7-47F0-B4D5-7BAABA6FC4B6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [06/08/2009 7:42 PM 145424]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [06/08/2009 7:42 PM 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [06/08/2009 7:56 PM 497008]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [06/08/2009 8:08 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [06/08/2009 7:56 PM 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [06/08/2009 7:42 PM 256528]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31/03/2009 9:19 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 6:08 PM 533360]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [02/11/2006 6:25 AM 2589184]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [04/06/2007 8:42 AM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{5FBBB694-C5BA-4A98-B637-1BB8E2BB85B1}.job
- c:\windows\system32\msfeedssync.exe [2009-08-06 20:13]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_CA&Sys=PTB&M=T-6816H
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\qg0bydd0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\qg0bydd0.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-08-10 19:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 23:51

Pre-Run: 90,282,954,752 bytes free
Post-Run: 89,657,671,680 bytes free

194 --- E O F --- 2009-08-07 00:54


OTL log:
OTL logfile created on: 10/08/2009 7:52:31 PM - Run 5
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\robert\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.62% Memory free
4.00 Gb Paging File | 3.32 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.70 Gb Total Space | 83.55 Gb Free Space | 60.24% Space Free | Partition Type: NTFS
Drive D: | 10.35 Gb Total Space | 4.40 Gb Free Space | 42.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERT-PC
Current User Name: robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Users\robert\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AgereModemAudio [Disabled | Stopped]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [On_Demand | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [On_Demand | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (GameConsoleService [Disabled | Stopped]) -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (GoogleDesktopManager-061008-081103 [Disabled | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IAANTMON [Disabled | Stopped]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SfCtlCom [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
SRV - (TMBMServer [Auto | Running]) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
SRV - (TmPfw [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()
SRV - (TmProxy [Auto | Running]) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (bcm4sbxp [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (fssfltr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw2v32.sys (Intel® Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation)
DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\System32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tmactmon [Auto | Running]) -- C:\Windows\System32\DRIVERS\tmactmon.sys ()
DRV - (tmcomm [Auto | Running]) -- C:\Windows\System32\DRIVERS\tmcomm.sys ()
DRV - (tmevtmgr [Auto | Running]) -- C:\Windows\System32\DRIVERS\tmevtmgr.sys ()
DRV - (tmlwf [System | Running]) -- C:\Windows\System32\DRIVERS\tmlwf.sys (Trend Micro Inc.)
DRV - (tmpreflt [Auto | Running]) -- C:\Windows\System32\DRIVERS\tmpreflt.sys (Trend Micro Inc.)
DRV - (tmtdi [System | Running]) -- C:\Windows\System32\DRIVERS\tmtdi.sys (Trend Micro Inc.)
DRV - (tmwfp [Auto | Running]) -- C:\Windows\System32\DRIVERS\tmwfp.sys (Trend Micro Inc.)
DRV - (tmxpflt [Auto | Running]) -- C:\Windows\System32\DRIVERS\tmxpflt.sys (Trend Micro Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (UVCFTR [On_Demand | Running]) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsapint [Auto | Running]) -- C:\Windows\System32\DRIVERS\vsapint.sys (Trend Micro Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...B&M=T-6816H
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://sympatico.msn...en-CA&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 F4 48 15 0A 00 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 03:01:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 20:35:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 20:35:09 | 00,000,000 | ---D | M]

[2008/09/03 17:45:32 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Extensions
[2008/09/03 17:45:32 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/10 19:24:07 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions
[2009/06/25 16:42:31 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/08 00:34:35 | 00,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\qg0bydd0.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/03/31 09:27:07 | 00,001,632 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\FireFox\Profiles\qg0bydd0.default\searchplugins\live-search.xml
[2008/05/25 08:58:02 | 00,002,386 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\FireFox\Profiles\qg0bydd0.default\searchplugins\siteadvisor.xml
[2007/09/05 22:49:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 20:35:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/03 17:45:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/08/04 20:35:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 20:35:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/25 10:24:11 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/01/04 17:57:08 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/01/07 19:14:26 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/02/05 00:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/08/04 20:35:08 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/02 09:51:54 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/02 09:51:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/03/29 13:25:40 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/03/29 13:25:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/29 13:25:40 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/03/29 13:25:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/29 13:25:40 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/03/29 13:25:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/25 10:24:11 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/07/25 10:24:11 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2009/03/29 13:25:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/29 13:25:40 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/10 19:51:08 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/08/10 19:51:08 | 00,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\temp
[2009/08/10 19:44:17 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/08/10 19:31:30 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/08/10 18:26:55 | 03,123,573 | R--- | C] () -- C:\Users\robert\Desktop\Combo-Fix.exe
[2009/08/09 13:32:56 | 00,563,372 | ---- | C] () -- C:\Users\robert\Desktop\SecurityCheck.exe
[2009/08/09 13:14:11 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/09 13:14:09 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/09 13:14:07 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/09 13:14:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/09 13:14:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/09 13:11:55 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\robert\Desktop\mbam-setup.exe
[2009/08/09 13:05:43 | 00,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\Malwarebytes
[2009/08/08 16:06:19 | 00,099,364 | ---- | C] () -- C:\Users\robert\Desktop\Capture.JPG
[2009/08/08 16:03:57 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\RootRepeal
[2009/08/08 16:03:40 | 00,462,996 | ---- | C] () -- C:\Users\robert\Desktop\RootRepeal.zip
[2009/08/06 20:48:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\Service
[2009/08/06 20:08:41 | 01,220,120 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\vsapint.sys
[2009/08/06 20:08:41 | 00,225,296 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmxpflt.sys
[2009/08/06 20:08:41 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmpreflt.sys
[2009/08/06 19:48:43 | 01,651,527 | -H-- | C] () -- C:\Users\robert\AppData\Local\IconCache.db
[2009/08/06 19:48:40 | 00,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro Internet Security.lnk
[2009/08/06 19:45:41 | 00,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\Trend Micro
[2009/08/06 19:42:48 | 00,256,528 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys
[2009/08/06 19:42:48 | 00,153,104 | ---- | C] () -- C:\Windows\System32\drivers\tmcomm.sys
[2009/08/06 19:42:48 | 00,145,424 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys
[2009/08/06 19:42:48 | 00,080,400 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2009/08/06 19:42:48 | 00,050,192 | ---- | C] () -- C:\Windows\System32\drivers\tmevtmgr.sys
[2009/08/06 19:42:48 | 00,050,192 | ---- | C] () -- C:\Windows\System32\drivers\tmactmon.sys
[2009/08/06 19:41:22 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/08/06 19:41:22 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/08/06 19:41:22 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/08/06 19:41:22 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/08/06 19:40:52 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/08/06 19:40:51 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/08/06 19:40:49 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/08/06 19:40:49 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/08/06 19:40:49 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/08/06 19:40:48 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/08/06 19:40:48 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/08/06 19:40:48 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/08/06 19:40:48 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/08/06 19:40:48 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/08/06 19:40:47 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/08/06 19:40:47 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/08/06 19:40:47 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/08/06 19:40:47 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/08/06 19:40:47 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/08/06 19:40:47 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/08/06 19:40:47 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/06 19:40:47 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/08/06 19:40:47 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/08/06 19:40:47 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/08/06 19:40:47 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/08/06 19:33:32 | 00,000,000 | ---- | C] () -- C:\Users\robert\Desktop\TrendMicro_TIS_17.10_en-US_32-bit.exe
[2009/08/06 19:30:21 | 00,000,394 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{5FBBB694-C5BA-4A98-B637-1BB8E2BB85B1}.job
[2009/08/06 19:26:25 | 21,353,84064 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/06 19:02:21 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\Backup
[2009/08/06 19:02:18 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\Quarantine
[2009/08/04 20:04:47 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\LOG
[2009/08/04 20:03:10 | 05,350,912 | ---- | C] () -- C:\Users\robert\Desktop\Kill.pif
[2009/08/03 18:13:21 | 73,290,9568 | ---- | C] () -- C:\Users\robert\Desktop\ubuntu-9.04-desktop-i386.iso
[2009/08/03 18:06:57 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\IceSword122en
[2009/08/03 18:06:13 | 02,205,157 | ---- | C] () -- C:\Users\robert\Desktop\IceSword122en.zip
[2009/07/29 17:40:32 | 00,216,064 | ---- | C] () -- C:\Windows\PEV.exe
[2009/07/29 17:40:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/07/29 17:40:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/07/29 17:40:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/07/29 17:40:32 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/07/29 17:40:32 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/07/29 17:40:32 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/07/29 17:40:32 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/07/22 21:23:10 | 00,000,859 | ---- | C] () -- C:\Users\robert\Desktop\Active@ ISO Burner.lnk
[2009/07/22 21:16:29 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/07/22 21:16:25 | 00,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2009/07/19 20:48:03 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\Program setups
[2009/07/19 20:46:17 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\Physics
[2009/07/19 20:45:28 | 00,000,000 | ---D | C] -- C:\Users\robert\Desktop\LOGS
[2009/07/19 20:39:51 | 00,000,506 | ---- | C] () -- C:\Users\robert\Desktop\gmer.lnk
[2009/07/19 14:04:31 | 00,000,816 | ---- | C] () -- C:\Users\robert\Desktop\BitZipper.lnk
[2009/07/19 14:04:31 | 00,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\BitZipper
[2009/07/19 14:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\BitZipper
[2009/07/19 14:00:12 | 00,000,000 | ---D | C] -- C:\ProgramData\WinZipSE
[2009/07/19 14:00:11 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip Self-Extractor
[2009/07/18 21:10:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/18 14:45:59 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/07/15 08:55:37 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/15 08:51:10 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2008/01/04 17:58:50 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/01/04 17:56:24 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/02 17:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/22 18:54:34 | 00,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2007/09/16 23:27:16 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/06/04 08:53:17 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/06/04 08:53:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/06/04 08:48:56 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,359 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/10 19:45:11 | 00,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5FBBB694-C5BA-4A98-B637-1BB8E2BB85B1}.job
[2009/08/10 19:44:35 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/08/10 19:43:43 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/08/10 19:43:07 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/10 19:43:06 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/10 19:43:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/10 19:42:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/10 19:42:52 | 21,353,84064 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/10 18:26:56 | 03,123,573 | R--- | M] () -- C:\Users\robert\Desktop\Combo-Fix.exe
[2009/08/09 19:45:44 | 01,651,527 | -H-- | M] () -- C:\Users\robert\AppData\Local\IconCache.db
[2009/08/09 13:32:56 | 00,563,372 | ---- | M] () -- C:\Users\robert\Desktop\SecurityCheck.exe
[2009/08/09 13:14:11 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/09 13:11:59 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\robert\Desktop\mbam-setup.exe
[2009/08/08 16:06:21 | 00,099,364 | ---- | M] () -- C:\Users\robert\Desktop\Capture.JPG
[2009/08/08 16:03:41 | 00,462,996 | ---- | M] () -- C:\Users\robert\Desktop\RootRepeal.zip
[2009/08/08 12:10:14 | 00,216,064 | ---- | M] () -- C:\Windows\PEV.exe
[2009/08/06 20:57:23 | 00,379,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/06 20:31:01 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/06 20:31:01 | 00,601,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/06 20:31:01 | 00,105,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/06 19:48:40 | 00,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro Internet Security.lnk
[2009/08/06 19:42:48 | 00,256,528 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys
[2009/08/06 19:42:48 | 00,145,424 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys
[2009/08/06 19:42:48 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2009/08/06 19:33:32 | 00,000,000 | ---- | M] () -- C:\Users\robert\Desktop\TrendMicro_TIS_17.10_en-US_32-bit.exe
[2009/08/04 20:03:28 | 05,350,912 | ---- | M] () -- C:\Users\robert\Desktop\Kill.pif
[2009/08/03 18:26:30 | 73,290,9568 | ---- | M] () -- C:\Users\robert\Desktop\ubuntu-9.04-desktop-i386.iso
[2009/08/03 18:06:14 | 02,205,157 | ---- | M] () -- C:\Users\robert\Desktop\IceSword122en.zip
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/02 16:00:59 | 21,789,7249 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/07/22 21:23:10 | 00,000,859 | ---- | M] () -- C:\Users\robert\Desktop\Active@ ISO Burner.lnk
[2009/07/22 21:16:29 | 00,717,296 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/07/21 17:52:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/21 17:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/21 17:50:46 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/21 17:48:31 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/21 17:48:27 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/21 17:48:27 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/21 17:47:47 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/21 17:47:41 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/21 17:47:28 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/21 17:47:28 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/21 17:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/21 17:47:27 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/21 17:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/21 17:47:26 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/21 17:47:26 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/21 17:47:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/21 16:13:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/21 16:13:51 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/21 16:13:15 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/21 16:12:49 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/21 14:31:43 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2009/07/19 20:40:06 | 00,000,506 | ---- | M] () -- C:\Users\robert\Desktop\gmer.lnk
[2009/07/19 14:04:31 | 00,000,816 | ---- | M] () -- C:\Users\robert\Desktop\BitZipper.lnk
[2009/07/15 09:18:42 | 00,001,356 | ---- | M] () -- C:\Users\robert\AppData\Local\d3d9caps.dat
[2009/07/15 08:51:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
< End of report >

#72
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi Cdn_Red,

Things are looking a lot better!

Let's be sure though.

1) CFScript

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::
c:\program files\uTorrent

DirLook::
c:\windows\system32\Service

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5E1125A2-66AE-4CF3-9038-D4512D5DD165}"=-
"{D76C7B80-95D2-47F5-87AA-6A883BF622A3}"=-

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

2) JavaRa

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

3) Kaspersky

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Kaspersky scans have been causing a bit of trouble lately. Should that fail, then please do the following:

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



In your reply I would like to see copied and pasted,

1) ComboFix log
2) Kaspersky scan log or the AVP log, depending on Kaspersky working


#73
Cdn_Red

    Member

  • Topic Starter
  • Member
  • 37 posts
Hi chamber,

I had to use the AVP Tool. After a few crashes, the scan completed saying it had found no threats. Here are my ComboFix and Kaspersky logs:
ComboFix 09-08-10.06 - robert 11/08/2009 19:52.5.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2038.1052 [GMT -4:00]
Running from: c:\users\robert\Desktop\Combo-Fix.exe
Command switches used :: c:\users\robert\Desktop\CFScript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe


.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-11 23:57 . 2009-08-11 23:57 -------- d-----w- c:\users\robert\AppData\Local\temp
2009-08-11 23:57 . 2009-08-11 23:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-11 23:57 . 2009-08-11 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-11 23:57 . 2009-08-11 23:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-08-09 17:14 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 17:14 . 2009-08-09 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 17:14 . 2009-08-09 17:14 -------- d-----w- c:\programdata\Malwarebytes
2009-08-09 17:14 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 17:05 . 2009-08-09 17:05 -------- d-----w- c:\users\robert\AppData\Roaming\Malwarebytes
2009-08-07 00:48 . 2009-08-07 00:48 -------- d-----w- c:\windows\system32\Service
2009-08-07 00:08 . 2009-05-22 08:02 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-08-07 00:08 . 2009-05-22 08:00 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-08-07 00:08 . 2009-05-22 07:45 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-08-06 23:45 . 2009-08-06 23:45 -------- d-----w- c:\users\robert\AppData\Local\Trend Micro
2009-08-06 23:42 . 2009-08-06 23:42 80400 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-08-06 23:42 . 2009-08-06 23:42 256528 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2009-08-06 23:42 . 2009-08-06 23:42 145424 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2009-08-06 23:42 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-08-06 23:42 . 2009-04-02 23:08 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-08-06 23:42 . 2009-04-02 23:08 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-06 23:41 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-08-06 23:41 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-06 23:41 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-06 23:41 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-23 01:16 . 2009-07-23 01:16 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-23 01:16 . 2009-07-23 01:16 -------- d-----w- c:\program files\LSoft Technologies
2009-07-19 18:04 . 2009-07-19 18:04 -------- d-----w- c:\users\robert\AppData\Roaming\BitZipper
2009-07-19 18:04 . 2009-07-19 18:04 -------- d-----w- c:\program files\BitZipper
2009-07-19 18:00 . 2009-07-19 18:00 -------- d-----w- c:\programdata\WinZipSE
2009-07-19 18:00 . 2009-07-19 18:00 -------- d-----w- c:\program files\WinZip Self-Extractor
2009-07-15 12:55 . 2009-07-15 12:55 -------- d-----w- C:\_OTL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 17:20 . 2009-06-29 14:34 -------- d-----w- c:\program files\Common Files\Uninstall
2009-08-07 00:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-07 00:56 . 2009-03-30 20:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-07 00:54 . 2007-06-04 12:37 -------- d-----w- c:\programdata\Microsoft Help
2009-08-07 00:06 . 2008-12-09 04:47 -------- d-----w- c:\programdata\Trend Micro
2009-08-06 23:53 . 2008-12-09 04:46 -------- d-----w- c:\program files\Trend Micro
2009-07-23 01:16 . 2007-06-04 12:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 21:52 . 2009-08-06 23:40 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-06 23:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-06 23:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-06 23:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 13:18 . 2009-04-06 20:41 1356 ----a-w- c:\users\robert\AppData\Local\d3d9caps.dat
2009-07-08 20:14 . 2009-07-08 03:30 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-06-02 13:43 . 2009-06-02 13:43 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 17:36 . 2009-05-29 17:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 17:36 . 2009-05-29 17:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-07-25 14:24 . 2008-07-25 14:24 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\Service ----

2009-08-07 00:48 . 2009-08-07 01:35 1856 ----a-w- c:\windows\system32\Service\06082009_TIS17_SfFniAU.log


((((((((((((((((((((((((((((( SnapShot@2009-08-10_23.44.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-20 00:02 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\mciavi32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avicap32.dll
+ 2008-09-20 00:02 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\mciavi32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avicap32.dll
+ 2008-09-20 00:05 . 2008-01-19 07:36 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\tsgqec.dll
+ 2006-06-12 00:05 . 2009-08-11 23:44 63450 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-11 23:44 65746 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-08-10 23:44 65746 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-30 20:08 . 2009-08-11 23:44 15578 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-55627862-2375233665-4226089185-1000_UserData.bin
+ 2009-08-11 23:29 . 2009-08-11 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-10 23:42 . 2009-08-10 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-10 23:42 . 2009-08-10 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-11 23:29 . 2009-08-11 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-20 00:02 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvfw32.dll
+ 2008-09-20 00:02 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvfw32.dll
+ 2008-09-20 00:05 . 2008-01-19 07:33 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\aaclient.dll
+ 2006-11-02 10:22 . 2009-08-11 23:40 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-08-07 01:37 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-08-11 23:52 . 2009-08-11 23:52 6402048 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-05-12 07:01 . 2009-08-11 23:39 75419028 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-05-04 40072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{99A822D7-DE8A-41DA-91A5-916465268685}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8962B4F1-0EE6-4F77-9EE3-7FFEDD676374}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{50E56E3B-18F4-4C74-8EF0-8DC0DAF73423}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8A11A7ED-F232-4963-9776-3CC5BFE7217D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6104A977-41D2-4930-B4D5-9FBB5D7F253A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EEA9ADE1-7ACA-4A92-B0D9-870E2F595C8B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{185371F0-06D7-41A2-A39A-23620D28E1D1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{13E686B6-BF67-4E30-82BC-B671C2151C20}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{048C5779-E66D-424D-8282-AC479A3A9213}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EFECDE17-02A7-4987-8A0B-3FBE003E83E4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{936FB7A6-DA34-4A9D-AFFF-C07A9CDC0ECF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BEFA4014-20FC-4A72-8BCB-09DCC3943290}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A25A7509-591A-418C-A871-732F7906E622}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{ECA0F2DA-E77C-4B86-B9A4-C9D13A21EEBA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8EF7B576-BFB7-47F0-B4D5-7BAABA6FC4B6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [06/08/2009 7:42 PM 145424]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [06/08/2009 8:08 PM 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [06/08/2009 7:42 PM 256528]
S2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [06/08/2009 7:42 PM 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [06/08/2009 7:56 PM 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [06/08/2009 7:56 PM 677128]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31/03/2009 9:19 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 6:08 PM 533360]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [02/11/2006 6:25 AM 2589184]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [04/06/2007 8:42 AM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-11 c:\windows\Tasks\User_Feed_Synchronization-{5FBBB694-C5BA-4A98-B637-1BB8E2BB85B1}.job
- c:\windows\system32\msfeedssync.exe [2009-08-06 20:13]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_CA&Sys=PTB&M=T-6816H
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\qg0bydd0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\qg0bydd0.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 19:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-08-11 19:59
ComboFix-quarantined-files.txt 2009-08-11 23:59
ComboFix2.txt 2009-08-10 23:51

Pre-Run: 89,291,231,232 bytes free
Post-Run: 88,925,376,512 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=3 Sets=1,2,3,4
212 --- E O F --- 2009-08-07 00:54


Kaspersky:
Scan
----
Scanned: 238289
Detected: 0
Untreated: 0
Start time: 12/08/2009 8:25:01 PM
Duration: 00:47:31
Finish time: 12/08/2009 9:12:32 PM


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------
12/08/2009 8:21:24 PM File: C:\Windows\System32\wshtcpip.dll ok scanned
12/08/2009 8:21:24 PM Running module: winlogon.exe\winlogon.exe ok scanned
12/08/2009 8:21:24 PM File: C:\Windows\system32\winlogon.exe ok scanned
12/08/2009 8:21:24 PM Running module: winlogon.exe\ntdll.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\ntdll.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\kernel32.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\kernel32.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\ADVAPI32.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\ADVAPI32.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\RPCRT4.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\RPCRT4.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\USER32.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\USER32.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\GDI32.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\GDI32.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\msvcrt.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\msvcrt.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\Secur32.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\Secur32.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\WINSTA.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\WINSTA.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\PSAPI.DLL ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\PSAPI.DLL ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\USERENV.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\USERENV.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\IMM32.DLL ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\IMM32.DLL ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\MSCTF.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\MSCTF.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\LPK.DLL ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\LPK.DLL ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\USP10.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\USP10.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\NTMARTA.DLL ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\NTMARTA.DLL ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\WLDAP32.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\WLDAP32.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\WS2_32.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\WS2_32.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\NSI.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\NSI.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\SAMLIB.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\SAMLIB.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\ole32.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\ole32.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\SHSVCS.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\SHSVCS.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\NETAPI32.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\NETAPI32.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\slc.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\slc.dll ok scanned
12/08/2009 8:21:25 PM Running module: winlogon.exe\MPR.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\MPR.dll ok scanned
12/08/2009 8:21:25 PM Running module: lsass.exe\lsass.exe ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\lsass.exe ok scanned
12/08/2009 8:21:25 PM Running module: lsass.exe\ntdll.dll ok scanned
12/08/2009 8:21:25 PM File: C:\Windows\system32\ntdll.dll ok scanned
12/08/2009 8:21:25 PM Running module: lsass.exe\kernel32.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\kernel32.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\ADVAPI32.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\ADVAPI32.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\RPCRT4.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\RPCRT4.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\msvcrt.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\msvcrt.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\LSASRV.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\LSASRV.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\Secur32.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\Secur32.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\USER32.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\USER32.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\GDI32.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\GDI32.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\SAMSRV.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\SAMSRV.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\cryptdll.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\cryptdll.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\DNSAPI.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\DNSAPI.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\WS2_32.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\WS2_32.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\NSI.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\NSI.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\NETAPI32.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\NETAPI32.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\PSAPI.DLL ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\PSAPI.DLL ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\SAMLIB.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\SAMLIB.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\MSASN1.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\MSASN1.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\NTDSAPI.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\NTDSAPI.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\WLDAP32.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\WLDAP32.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\FeClient.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\FeClient.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\MPR.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\MPR.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\USERENV.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\USERENV.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\CRYPT32.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\CRYPT32.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\slc.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\slc.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\SYSNTFY.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\SYSNTFY.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\wevtapi.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\wevtapi.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\IPHLPAPI.DLL ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\IPHLPAPI.DLL ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\dhcpcsvc.DLL ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\dhcpcsvc.DLL ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\WINNSI.DLL ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\WINNSI.DLL ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\dhcpcsvc6.DLL ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\dhcpcsvc6.DLL ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\IMM32.DLL ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\IMM32.DLL ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\MSCTF.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\MSCTF.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\LPK.DLL ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\LPK.DLL ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\USP10.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\USP10.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\cngaudit.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\cngaudit.dll ok scanned
12/08/2009 8:21:26 PM Running module: lsass.exe\AUTHZ.dll ok scanned
12/08/2009 8:21:26 PM File: C:\Windows\system32\AUTHZ.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\ncrypt.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\ncrypt.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\BCRYPT.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\BCRYPT.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\credssp.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\credssp.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\msprivs.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\msprivs.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\kerberos.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\kerberos.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\mswsock.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\mswsock.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\wship6.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\System32\wship6.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\wshtcpip.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\System32\wshtcpip.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\msv1_0.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\msv1_0.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\netlogon.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\netlogon.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\WINBRAND.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\WINBRAND.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\schannel.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\schannel.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\wdigest.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\wdigest.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\rsaenh.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\rsaenh.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\tspkg.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\tspkg.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\GPAPI.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\GPAPI.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\setupapi.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\setupapi.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\OLEAUT32.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\OLEAUT32.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\ole32.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\ole32.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\scecli.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\scecli.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsass.exe\keyiso.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\keyiso.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\lsm.exe ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\lsm.exe ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\ntdll.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\ntdll.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\kernel32.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\kernel32.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\ADVAPI32.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\ADVAPI32.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\RPCRT4.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\RPCRT4.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\msvcrt.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\msvcrt.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\SYSNTFY.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\SYSNTFY.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\WMsgAPI.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\WMsgAPI.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\secur32.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\secur32.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\CRYPT32.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\CRYPT32.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\USER32.dll ok scanned
12/08/2009 8:21:27 PM File: C:\Windows\system32\USER32.dll ok scanned
12/08/2009 8:21:27 PM Running module: lsm.exe\GDI32.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\GDI32.dll ok scanned
12/08/2009 8:21:28 PM Running module: lsm.exe\MSASN1.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\MSASN1.dll ok scanned
12/08/2009 8:21:28 PM Running module: lsm.exe\USERENV.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\USERENV.dll ok scanned
12/08/2009 8:21:28 PM Running module: lsm.exe\IMM32.DLL ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\IMM32.DLL ok scanned
12/08/2009 8:21:28 PM Running module: lsm.exe\MSCTF.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\MSCTF.dll ok scanned
12/08/2009 8:21:28 PM Running module: lsm.exe\LPK.DLL ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\LPK.DLL ok scanned
12/08/2009 8:21:28 PM Running module: lsm.exe\USP10.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\USP10.dll ok scanned
12/08/2009 8:21:28 PM Running module: lsm.exe\credssp.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\credssp.dll ok scanned
12/08/2009 8:21:28 PM Running module: lsm.exe\schannel.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\schannel.dll ok scanned
12/08/2009 8:21:28 PM Running module: lsm.exe\NETAPI32.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\NETAPI32.dll ok scanned
12/08/2009 8:21:28 PM Running module: lsm.exe\PSAPI.DLL ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\PSAPI.DLL ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\svchost.exe ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\svchost.exe ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\ntdll.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\ntdll.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\kernel32.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\kernel32.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\msvcrt.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\msvcrt.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\ADVAPI32.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\ADVAPI32.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\RPCRT4.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\RPCRT4.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\umpnpmgr.dll ok scanned
12/08/2009 8:21:28 PM File: c:\windows\system32\umpnpmgr.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\USER32.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\USER32.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\GDI32.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\GDI32.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\USERENV.dll ok scanned
12/08/2009 8:21:28 PM File: c:\windows\system32\USERENV.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\Secur32.dll ok scanned
12/08/2009 8:21:28 PM File: c:\windows\system32\Secur32.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\IMM32.DLL ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\IMM32.DLL ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\MSCTF.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\MSCTF.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\LPK.DLL ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\LPK.DLL ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\USP10.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\USP10.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\POWRPROF.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\POWRPROF.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\GPAPI.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\GPAPI.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\slc.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\slc.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\rpcss.dll ok scanned
12/08/2009 8:21:28 PM File: c:\windows\system32\rpcss.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\WS2_32.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\WS2_32.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\NSI.dll ok scanned
12/08/2009 8:21:28 PM File: C:\Windows\system32\NSI.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\FirewallAPI.dll ok scanned
12/08/2009 8:21:28 PM File: c:\windows\system32\FirewallAPI.dll ok scanned
12/08/2009 8:21:28 PM Running module: svchost.exe\OLEAUT32.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\OLEAUT32.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\ole32.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\ole32.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\VERSION.dll ok scanned
12/08/2009 8:21:29 PM File: c:\windows\system32\VERSION.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\CRYPT32.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\CRYPT32.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\MSASN1.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\MSASN1.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\credssp.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\credssp.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\schannel.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\schannel.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\NETAPI32.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\NETAPI32.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\PSAPI.DLL ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\PSAPI.DLL ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\CLBCatQ.DLL ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\CLBCatQ.DLL ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\NTMARTA.DLL ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\NTMARTA.DLL ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\WLDAP32.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\WLDAP32.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\SAMLIB.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\SAMLIB.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\WINSTA.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\WINSTA.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\WTSAPI32.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\WTSAPI32.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\SETUPAPI.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\SETUPAPI.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\svchost.exe ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\svchost.exe ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\ntdll.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\ntdll.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\kernel32.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\kernel32.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\msvcrt.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\msvcrt.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\ADVAPI32.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\ADVAPI32.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\RPCRT4.dll ok scanned
12/08/2009 8:21:29 PM File: C:\Windows\system32\RPCRT4.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\rpcss.dll ok scanned
12/08/2009 8:21:29 PM File: c:\windows\system32\rpcss.dll ok scanned
12/08/2009 8:21:29 PM Running module: svchost.exe\WS2_32.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\WS2_32.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\NSI.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\NSI.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\Secur32.dll ok scanned
12/08/2009 8:21:30 PM File: c:\windows\system32\Secur32.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\FirewallAPI.dll ok scanned
12/08/2009 8:21:30 PM File: c:\windows\system32\FirewallAPI.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\USER32.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\USER32.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\GDI32.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\GDI32.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\OLEAUT32.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\OLEAUT32.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\ole32.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\ole32.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\VERSION.dll ok scanned
12/08/2009 8:21:30 PM File: c:\windows\system32\VERSION.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\IMM32.DLL ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\IMM32.DLL ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\MSCTF.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\MSCTF.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\LPK.DLL ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\LPK.DLL ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\USP10.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\USP10.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\CRYPT32.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\CRYPT32.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\MSASN1.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\MSASN1.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\USERENV.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\USERENV.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\credssp.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\credssp.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\schannel.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\schannel.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\NETAPI32.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\NETAPI32.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\PSAPI.DLL ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\PSAPI.DLL ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\rsaenh.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\rsaenh.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\mswsock.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\mswsock.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\wshtcpip.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\System32\wshtcpip.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\CLBCatQ.DLL ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\CLBCatQ.DLL ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\svchost.exe ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\System32\svchost.exe ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\ntdll.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\ntdll.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\kernel32.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\kernel32.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\msvcrt.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\msvcrt.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\ADVAPI32.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\ADVAPI32.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\RPCRT4.dll ok scanned
12/08/2009 8:21:30 PM File: C:\Windows\system32\RPCRT4.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\wevtsvc.dll ok scanned
12/08/2009 8:21:30 PM File: c:\windows\system32\wevtsvc.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\USERENV.dll ok scanned
12/08/2009 8:21:30 PM File: c:\windows\system32\USERENV.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\Secur32.dll ok scanned
12/08/2009 8:21:30 PM File: c:\windows\system32\Secur32.dll ok scanned
12/08/2009 8:21:30 PM Running module: svchost.exe\USER32.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\USER32.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\GDI32.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\GDI32.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\VERSION.dll ok scanned
12/08/2009 8:21:31 PM File: c:\windows\system32\VERSION.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\GPAPI.dll ok scanned
12/08/2009 8:21:31 PM File: c:\windows\system32\GPAPI.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\slc.dll ok scanned
12/08/2009 8:21:31 PM File: c:\windows\system32\slc.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\IMM32.DLL ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\IMM32.DLL ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\MSCTF.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\MSCTF.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\LPK.DLL ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\LPK.DLL ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\USP10.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\USP10.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\CRYPT32.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\System32\CRYPT32.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\MSASN1.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\System32\MSASN1.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\credssp.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\System32\credssp.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\schannel.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\schannel.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\NETAPI32.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\System32\NETAPI32.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\PSAPI.DLL ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\PSAPI.DLL ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\WS2_32.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\WS2_32.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\NSI.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\NSI.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\mswsock.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\mswsock.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\wshtcpip.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\System32\wshtcpip.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\svchost.exe ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\svchost.exe ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\ntdll.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\ntdll.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\kernel32.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\kernel32.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\msvcrt.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\msvcrt.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\ADVAPI32.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\ADVAPI32.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\RPCRT4.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\RPCRT4.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\NTMARTA.DLL ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\NTMARTA.DLL ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\USER32.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\USER32.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\GDI32.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\GDI32.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\WLDAP32.dll ok scanned
12/08/2009 8:21:31 PM File: C:\Windows\system32\WLDAP32.dll ok scanned
12/08/2009 8:21:31 PM Running module: svchost.exe\WS2_32.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\WS2_32.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\NSI.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\NSI.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\PSAPI.DLL ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\PSAPI.DLL ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\SAMLIB.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\SAMLIB.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\ole32.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\ole32.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\IMM32.DLL ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\IMM32.DLL ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\MSCTF.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\MSCTF.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\LPK.DLL ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\LPK.DLL ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\USP10.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\USP10.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\profsvc.dll ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\profsvc.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\SYSNTFY.dll ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\SYSNTFY.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\USERENV.dll ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\USERENV.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\Secur32.dll ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\Secur32.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\nlaapi.dll ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\nlaapi.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\IPHLPAPI.DLL ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\IPHLPAPI.DLL ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\dhcpcsvc.DLL ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\dhcpcsvc.DLL ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\DNSAPI.dll ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\DNSAPI.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\WINNSI.DLL ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\WINNSI.DLL ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\dhcpcsvc6.DLL ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\dhcpcsvc6.DLL ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\ATL.DLL ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\ATL.DLL ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\wmisvc.dll ok scanned
12/08/2009 8:21:32 PM File: c:\windows\system32\wbem\wmisvc.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\wbemcomn.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\wbemcomn.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\OLEAUT32.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\OLEAUT32.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\CLBCatQ.DLL ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\CLBCatQ.DLL ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\rsaenh.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\rsaenh.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\VSSAPI.DLL ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\VSSAPI.DLL ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\vsstrace.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\vsstrace.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\AUTHZ.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\AUTHZ.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\XmlLite.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\XmlLite.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\NETAPI32.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\NETAPI32.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\MPR.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\MPR.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\SETUPAPI.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\SETUPAPI.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\wbemcore.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\wbem\wbemcore.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\esscli.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\wbem\esscli.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\FastProx.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\wbem\FastProx.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\NTDSAPI.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\NTDSAPI.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\wmiutils.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\wbem\wmiutils.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\repdrvfs.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\wbem\repdrvfs.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\wmiprvsd.dll ok scanned
12/08/2009 8:21:32 PM File: C:\Windows\system32\wbem\wmiprvsd.dll ok scanned
12/08/2009 8:21:32 PM Running module: svchost.exe\NCObjAPI.DLL ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\NCObjAPI.DLL ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\wbemess.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\wbem\wbemess.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\ncprov.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\wbem\ncprov.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\wbemsvc.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\wbem\wbemsvc.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\svchost.exe ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\svchost.exe ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\ntdll.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\ntdll.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\kernel32.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\kernel32.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\msvcrt.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\msvcrt.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\ADVAPI32.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\ADVAPI32.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\RPCRT4.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\RPCRT4.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\NTMARTA.DLL ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\NTMARTA.DLL ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\USER32.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\USER32.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\GDI32.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\GDI32.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\WLDAP32.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\WLDAP32.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\WS2_32.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\WS2_32.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\NSI.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\NSI.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\PSAPI.DLL ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\PSAPI.DLL ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\SAMLIB.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\SAMLIB.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\ole32.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\ole32.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\IMM32.DLL ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\IMM32.DLL ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\MSCTF.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\MSCTF.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\LPK.DLL ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\LPK.DLL ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\USP10.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\USP10.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\cryptsvc.dll ok scanned
12/08/2009 8:21:33 PM File: c:\windows\system32\cryptsvc.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\OLEAUT32.dll ok scanned
12/08/2009 8:21:33 PM File: C:\Windows\system32\OLEAUT32.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\VSSAPI.DLL ok scanned
12/08/2009 8:21:33 PM File: c:\windows\system32\VSSAPI.DLL ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\ATL.DLL ok scanned
12/08/2009 8:21:33 PM File: c:\windows\system32\ATL.DLL ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\vsstrace.dll ok scanned
12/08/2009 8:21:33 PM File: c:\windows\system32\vsstrace.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\AUTHZ.dll ok scanned
12/08/2009 8:21:33 PM File: c:\windows\system32\AUTHZ.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\XmlLite.dll ok scanned
12/08/2009 8:21:33 PM File: c:\windows\system32\XmlLite.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\NETAPI32.dll ok scanned
12/08/2009 8:21:33 PM File: c:\windows\system32\NETAPI32.dll ok scanned
12/08/2009 8:21:33 PM Running module: svchost.exe\MPR.dll ok scanned
12/08/2009 8:21:34 PM File: c:\windows\system32\MPR.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\SETUPAPI.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\SETUPAPI.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\CRYPT32.dll ok scanned
12/08/2009 8:21:34 PM File: c:\windows\system32\CRYPT32.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\MSASN1.dll ok scanned
12/08/2009 8:21:34 PM File: c:\windows\system32\MSASN1.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\USERENV.dll ok scanned
12/08/2009 8:21:34 PM File: c:\windows\system32\USERENV.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\Secur32.dll ok scanned
12/08/2009 8:21:34 PM File: c:\windows\system32\Secur32.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\ESENT.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\ESENT.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\SHELL32.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\SHELL32.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\SHLWAPI.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\SHLWAPI.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\comctl32.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\CRYPTNET.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\CRYPTNET.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\SensApi.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\SensApi.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\WINHTTP.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\WINHTTP.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\mswsock.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\mswsock.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\wshtcpip.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\System32\wshtcpip.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\wship6.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\System32\wship6.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\IPHLPAPI.DLL ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\IPHLPAPI.DLL ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\dhcpcsvc.DLL ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\dhcpcsvc.DLL ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\DNSAPI.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\DNSAPI.dll ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\WINNSI.DLL ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\WINNSI.DLL ok scanned
12/08/2009 8:21:34 PM Running module: svchost.exe\dhcpcsvc6.DLL ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\dhcpcsvc6.DLL ok scanned
12/08/2009 8:21:34 PM Running module: explorer.exe\Explorer.EXE ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\Explorer.EXE ok scanned
12/08/2009 8:21:34 PM Running module: explorer.exe\ntdll.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\ntdll.dll ok scanned
12/08/2009 8:21:34 PM Running module: explorer.exe\kernel32.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\kernel32.dll ok scanned
12/08/2009 8:21:34 PM Running module: explorer.exe\ADVAPI32.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\ADVAPI32.dll ok scanned
12/08/2009 8:21:34 PM Running module: explorer.exe\RPCRT4.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\RPCRT4.dll ok scanned
12/08/2009 8:21:34 PM Running module: explorer.exe\GDI32.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\GDI32.dll ok scanned
12/08/2009 8:21:34 PM Running module: explorer.exe\USER32.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\USER32.dll ok scanned
12/08/2009 8:21:34 PM Running module: explorer.exe\msvcrt.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\msvcrt.dll ok scanned
12/08/2009 8:21:34 PM Running module: explorer.exe\SHLWAPI.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\SHLWAPI.dll ok scanned
12/08/2009 8:21:34 PM Running module: explorer.exe\SHELL32.dll ok scanned
12/08/2009 8:21:34 PM File: C:\Windows\system32\SHELL32.dll ok scanned
12/08/2009 8:21:34 PM Running module: explorer.exe\ole32.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\ole32.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\OLEAUT32.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\OLEAUT32.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\SHDOCVW.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\SHDOCVW.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\UxTheme.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\UxTheme.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\POWRPROF.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\POWRPROF.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\dwmapi.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\dwmapi.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\gdiplus.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\slc.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\slc.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\PROPSYS.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\PROPSYS.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\BROWSEUI.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\BROWSEUI.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\IMM32.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\IMM32.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\MSCTF.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\MSCTF.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\DUser.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\DUser.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\LPK.DLL ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\LPK.DLL ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\USP10.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\USP10.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\comctl32.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\WindowsCodecs.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\WindowsCodecs.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\apphelp.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\apphelp.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\CLBCatQ.DLL ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\CLBCatQ.DLL ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\GrooveShellExtensions.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\GrooveUtil.DLL ok scanned
12/08/2009 8:21:35 PM File: C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\WININET.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\WININET.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\Normaliz.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\Normaliz.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\urlmon.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\urlmon.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\iertutil.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\iertutil.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\CRYPT32.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\CRYPT32.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\MSASN1.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\MSASN1.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\USERENV.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\USERENV.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\Secur32.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\Secur32.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\MSVCR80.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\MSVCR80.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\GrooveNew.DLL ok scanned
12/08/2009 8:21:35 PM File: C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\VERSION.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\VERSION.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\ATL80.DLL ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\rsaenh.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\rsaenh.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\MSImg32.dll ok scanned
12/08/2009 8:21:35 PM File: C:\Windows\system32\MSImg32.dll ok scanned
12/08/2009 8:21:35 PM Running module: explorer.exe\IconCodecService.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\IconCodecService.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\ieframe.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\ieframe.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\LINKINFO.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\LINKINFO.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\timedate.cpl ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\timedate.cpl ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\ATL.DLL ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\ATL.DLL ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\NETAPI32.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\NETAPI32.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\PSAPI.DLL ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\PSAPI.DLL ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\OLEACC.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\OLEACC.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\WINBRAND.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\WINBRAND.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\msutb.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\msutb.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\WTSAPI32.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\WTSAPI32.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\wmpband.dll ok scanned
12/08/2009 8:21:36 PM File: C:\PROGRA~1\WI4EB4~1\wmpband.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\MPR.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\MPR.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\shacct.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\shacct.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\SAMLIB.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\SAMLIB.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\msshsq.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\msshsq.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\NaturalLanguage6.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\NaturalLanguage6.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\authui.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\authui.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\stobject.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\stobject.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\BatMeter.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\BatMeter.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\SETUPAPI.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\SETUPAPI.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\WINSTA.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\WINSTA.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\es.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\es.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\SndVolSSO.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\SndVolSSO.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\MMDevApi.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\MMDevApi.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\ehSSO.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\ehome\ehSSO.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\HID.DLL ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\HID.DLL ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\netshell.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\netshell.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\WS2_32.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\WS2_32.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\NSI.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\system32\NSI.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\IPHLPAPI.DLL ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\IPHLPAPI.DLL ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\dhcpcsvc.DLL ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\dhcpcsvc.DLL ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\DNSAPI.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\DNSAPI.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\WINNSI.DLL ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\WINNSI.DLL ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\dhcpcsvc6.DLL ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\dhcpcsvc6.DLL ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\nlaapi.dll ok scanned
12/08/2009 8:21:36 PM File: C:\Windows\System32\nlaapi.dll ok scanned
12/08/2009 8:21:36 PM Running module: explorer.exe\FirewallAPI.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\FirewallAPI.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\pnidui.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\pnidui.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\QUtil.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\QUtil.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\wevtapi.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\wevtapi.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\wlanutil.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\wlanutil.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\FunDisc.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\FunDisc.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\fdproxy.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\fdproxy.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\msxml3.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\System32\msxml3.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\WINMM.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\WINMM.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\ExplorerFrame.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\ExplorerFrame.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\wdmaud.drv ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\wdmaud.drv ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\ksuser.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\ksuser.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\AVRT.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\AVRT.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\ntshrui.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\ntshrui.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\NTMARTA.DLL ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\NTMARTA.DLL ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\WLDAP32.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\WLDAP32.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\cscapi.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\cscapi.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\GrooveSystemServices.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\msiltcfg.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\msiltcfg.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\msi.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\msi.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\SXS.DLL ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\SXS.DLL ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\GrooveMisc.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\ACTXPRXY.DLL ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\ACTXPRXY.DLL ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\WINTRUST.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\WINTRUST.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\imagehlp.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\imagehlp.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\ncrypt.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\ncrypt.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\BCRYPT.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\BCRYPT.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\GPAPI.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\GPAPI.dll ok scanned
12/08/2009 8:21:37 PM Running module: explorer.exe\cryptnet.dll ok scanned
12/08/2009 8:21:37 PM File: C:\Windows\system32\cryptnet.dll ok scanned
12/08/2009 8:21:53 PM File: c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\igdkmd32.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\iirsp.sys packed file PE_Patch
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\iirsp.sys//PE_Patch packed file PE_Patch
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\iirsp.sys//PE_Patch//PE_Patch ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\iirsp.sys//PE_Patch ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\iirsp.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\intelide.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\intelppm.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\ipfltdrv.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\ipmidrv.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\ipnat.sys ok scanned
12/08/2009 8:21:53 PM File: c:\program files\ipod\bin\ipodservice.exe ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\irenum.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\isapnp.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\msiscsi.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\iteatapi.sys packed file PE_Patch
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\iteatapi.sys//PE_Patch ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\iteatapi.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\iteraid.sys packed file PE_Patch
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\iteraid.sys//PE_Patch ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\iteraid.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\kbdclass.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\kbdhid.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\lsass.exe ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\ksecdd.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\lltdio.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\lsi_fc.sys packed file PE_Patch
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\lsi_fc.sys//PE_Patch ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\lsi_fc.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\lsi_sas.sys packed file PE_Patch
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\lsi_sas.sys//PE_Patch ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\lsi_sas.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\lsi_scsi.sys packed file PE_Patch
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\lsi_scsi.sys//PE_Patch ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\lsi_scsi.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\luafv.sys ok scanned
12/08/2009 8:21:53 PM File: c:\windows\system32\drivers\megasas.sys packed file PE_Patch
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\megasas.sys//PE_Patch ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\megasas.sys ok scanned
12/08/2009 8:21:54 PM File: c:\program files\microsoft office\office12\grooveauditservice.exe ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\modem.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\monitor.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mouclass.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mouhid.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mountmgr.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mpio.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mpsdrv.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mraid35x.sys packed file PE_Patch
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mraid35x.sys//PE_Patch ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mraid35x.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mrxdav.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mrxsmb.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mrxsmb10.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mrxsmb20.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\msahci.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\msdsm.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\msdtc.exe ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\msisadrv.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\msiexec.exe ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mskssrv.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mspclock.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mspqm.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mssmbios.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mstee.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\mup.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\nwifi.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\ndis.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\ndistapi.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\ndisuio.sys ok scanned
12/08/2009 8:21:54 PM File: c:\windows\system32\drivers\ndiswan.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\netbios.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\netbt.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\netw2v32.sys packed file PE_Patch
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\netw2v32.sys//PE_Patch ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\netw2v32.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\netw4v32.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\nfrd960.sys packed file PE_Patch
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\nfrd960.sys//PE_Patch ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\nfrd960.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\nsiproxy.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\ntrigdigi.sys packed file PE_Patch
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\ntrigdigi.sys//PE_Patch ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\ntrigdigi.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\nvraid.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\nvstor.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\nv_agp.sys ok scanned
12/08/2009 8:21:55 PM File: c:\program files\common files\microsoft shared\office12\odserv.exe ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\ohci1394.sys ok scanned
12/08/2009 8:21:55 PM File: c:\program files\common files\microsoft shared\source engine\ose.exe ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\parport.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\partmgr.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\parvdm.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\pci.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\pciide.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\pcmcia.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\peauth.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\raspptp.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\processr.sys ok scanned
12/08/2009 8:21:55 PM File: c:\windows\system32\drivers\pacer.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\ql2300.sys packed file PE_Patch
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\ql2300.sys//PE_Patch ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\ql2300.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\ql40xx.sys packed file PE_Patch
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\ql40xx.sys//PE_Patch ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\ql40xx.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\qwavedrv.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\rasacd.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\rasl2tp.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\raspppoe.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\rassstp.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\rdbss.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\rdpcdd.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\rdpdr.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\rdpencdd.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\locator.exe ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\rspndr.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\rtlh86.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\rtstor.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\sbp2port.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\sdbus.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\sdrsvc.dll ok scanned
12/08/2009 8:21:56 PM File: c:\program files\microsoft\search enhancement pack\seaport\seaport.exe ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\serenum.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\serial.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\sermouse.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\sffdisk.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\sffp_mmc.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\sffp_sd.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\sfloppy.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\sisagp.sys ok scanned
12/08/2009 8:21:56 PM File: c:\windows\system32\drivers\sisraid2.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\sisraid4.sys packed file PE_Patch
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\sisraid4.sys//PE_Patch ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\sisraid4.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\slsvc.exe ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\smb.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\snmptrap.exe ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\spoolsv.exe ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\srv.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\srv2.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\srvnet.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\stwrt.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\swenum.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\symc8xx.sys packed file PE_Patch
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\symc8xx.sys//PE_Patch ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\symc8xx.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\sym_hi.sys packed file PE_Patch
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\sym_hi.sys//PE_Patch ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\sym_hi.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\sym_u3.sys packed file PE_Patch
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\sym_u3.sys//PE_Patch ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\sym_u3.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\syntp.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\tcpip.sys ok scanned
12/08/2009 8:21:57 PM File: C:\Windows\system32\drivers\tcpip.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\tcpipreg.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\tdpipe.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\tdtcp.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\tdx.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\termdd.sys ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\tmactmon.sys ok scanned
12/08/2009 8:21:57 PM File: c:\program files\trend micro\bm\tmbmsrv.exe ok scanned
12/08/2009 8:21:57 PM File: c:\windows\system32\drivers\tmcomm.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\tmevtmgr.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\tssecsrv.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\tunmp.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\tunnel.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\uagp35.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\udfs.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\ui0detect.exe ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\uliagpkx.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\uliahci.sys packed file PE_Patch
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\uliahci.sys//PE_Patch ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\uliahci.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\ulsata.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\ulsata2.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\umbus.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\usbaapl.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\usbccgp.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\usbcir.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\usbehci.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\usbhub.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\usbohci.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\usbprint.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\usbscan.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\usbstor.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\usbuhci.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\usbvideo.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\uvcftr_s.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\vds.exe ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\vgapnp.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\vga.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\viaagp.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\viac7.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\viaide.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\volmgr.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\volmgrx.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\volsnap.sys ok scanned
12/08/2009 8:21:58 PM File: c:\windows\system32\drivers\vsmraid.sys ok scanned
12/08/2009 8:21:59 PM File: c:\windows\system32\vssvc.exe ok scanned
12/08/2009 8:21:59 PM File: c:\windows\system32\drivers\wacompen.sys ok scanned
12/08/2009 8:21:59 PM File: c:\windows\system32\drivers\wanarp.sys ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\wanarp.sys ok scanned
12/08/2009 8:21:59 PM File: c:\windows\system32\drivers\wd.sys ok scanned
12/08/2009 8:21:59 PM File: c:\windows\system32\drivers\wdf01000.sys ok scanned
12/08/2009 8:21:59 PM File: c:\windows\system32\drivers\wmiacpi.sys ok scanned
12/08/2009 8:21:59 PM File: c:\windows\system32\wbem\wmiapsrv.exe ok scanned
12/08/2009 8:21:59 PM File: c:\program files\windows media player\wmpnetwk.exe ok scanned
12/08/2009 8:21:59 PM File: c:\windows\system32\drivers\wpdusb.sys ok scanned
12/08/2009 8:21:59 PM File: c:\windows\system32\drivers\ws2ifsl.sys ok scanned
12/08/2009 8:21:59 PM File: c:\windows\system32\searchindexer.exe ok scanned
12/08/2009 8:21:59 PM File: c:\windows\system32\drivers\wudfrd.sys ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\ac97intc.sys packed file PE_Patch
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\ac97intc.sys//PE_Patch ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\ac97intc.sys ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\acpi.sys ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\agrsm.sys ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\asyncmac.sys ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\atapi.sys ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\bcm4sbxp.sys packed file PE_Patch
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\bcm4sbxp.sys//PE_Patch ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\bcm4sbxp.sys ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\bowser.sys ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\cdfs.sys ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\drivers\cdrom.sys ok scanned
12/08/2009 8:21:59 PM File: C:\Windows\system32\clfs.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\cmbatt.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\compbatt.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\crcdisk.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\dfsc.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\disk.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\dot4.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\dot4prt.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\dot4usb.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\drmkaud.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\e1g60i32.sys packed file PE_Patch
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\e1g60i32.sys//PE_Patch ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\e1g60i32.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\ecache.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\fdc.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\fileinfo.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\filetrace.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\flpydisk.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\fltmgr.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\fssfltr.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\gearaspiwdm.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\hdaudio.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\hdaudbus.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\hidusb.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\http.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\i8042prt.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\ialmnt5.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\iastor.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\igdkmd32.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\intelide.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\intelppm.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\ipfltdrv.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\ipnat.sys ok scanned
12/08/2009 8:22:00 PM File: C:\Windows\system32\drivers\irenum.sys ok scanned
12/08/2009 8:22:01 PM File: c:\windows\system32\drivers\61613178.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\msiscsi.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\kbdclass.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\ksecdd.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\lltdio.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\modem.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\monitor.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mouclass.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mouhid.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mountmgr.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mpsdrv.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mrxsmb.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mrxsmb10.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mrxsmb20.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\msahci.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\msisadrv.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mskssrv.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mspclock.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mspqm.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mssmbios.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mstee.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\mup.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\nwifi.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\ndis.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\ndistapi.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\ndisuio.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\ndiswan.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\netbios.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\netbt.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\netw2v32.sys packed file PE_Patch
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\netw2v32.sys//PE_Patch ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\netw2v32.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\netw4v32.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\nsiproxy.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\ohci1394.sys ok scanned
12/08/2009 8:22:01 PM File: C:\Windows\system32\drivers\partmgr.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\pci.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\peauth.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\raspptp.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\pacer.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\rasacd.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\rasl2tp.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\raspppoe.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\rassstp.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\rdbss.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\rdpcdd.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\rdpencdd.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\regsvc.dll ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\rspndr.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\rtlh86.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\rtstor.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\sdbus.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\sdrsvc.dll ok scanned
12/08/2009 8:22:02 PM File: c:\program files\trend micro\internet security\sfctlcom.exe ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\smb.sys ok scanned
12/08/2009 8:22:02 PM File: c:\windows\system32\drivers\sptd.sys skipped locked
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\srv.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\srv2.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\srvnet.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\stwrt.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\swenum.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\swprv.dll ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\syntp.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\tcpipreg.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\tdpipe.sys ok scanned
12/08/2009 8:22:02 PM File: C:\Windows\system32\drivers\tdtcp.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\tdx.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\termdd.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\tmactmon.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\tmcomm.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\tmevtmgr.sys ok scanned
12/08/2009 8:22:03 PM File: c:\windows\system32\drivers\tmlwf.sys ok scanned
12/08/2009 8:22:03 PM File: c:\program files\trend micro\internet security\tmpfw.exe ok scanned
12/08/2009 8:22:03 PM File: c:\windows\system32\drivers\tmpreflt.sys ok scanned
12/08/2009 8:22:03 PM File: c:\program files\trend micro\internet security\tmproxy.exe ok scanned
12/08/2009 8:22:03 PM File: c:\windows\system32\drivers\tmtdi.sys ok scanned
12/08/2009 8:22:03 PM File: c:\windows\system32\drivers\tmwfp.sys ok scanned
12/08/2009 8:22:03 PM File: c:\windows\system32\drivers\tmxpflt.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\tssecsrv.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\tunmp.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\tunnel.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\udfs.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\umbus.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\usbaapl.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\usbccgp.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\usbehci.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\usbhub.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\usbprint.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\usbscan.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\usbstor.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\usbuhci.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\usbvideo.sys ok scanned
12/08/2009 8:22:03 PM File: c:\windows\system32\drivers\uti4njex.sys ok scanned
12/08/2009 8:22:03 PM File: C:\Windows\system32\drivers\uvcftr_s.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\vgapnp.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\volmgr.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\volmgrx.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\volsnap.sys ok scanned
12/08/2009 8:22:04 PM File: c:\windows\system32\drivers\vsapint.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\wdf01000.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\wpdusb.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\wudfrd.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\sptd.sys skipped locked
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\tmlwf.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\tmpreflt.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\tmtdi.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\tmwfp.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\tmxpflt.sys ok scanned
12/08/2009 8:22:04 PM File: C:\Windows\system32\drivers\vsapint.sys ok scanned
12/08/2009 8:22:05 PM File: c:\windows\system32\autochk.exe ok scanned
12/08/2009 8:22:05 PM File: C:\Windows\system32\autochk.exe skipped processing stopped
12/08/2009 8:25:27 PM File: c:\windows\system32\ntvdm.exe ok scanned
12/08/2009 8:25:27 PM File: C:\Windows\system32\ntvdm.exe ok scanned


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Custom
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search Yes
Use heuristic analyzer Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----
  • 0

#74
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi Cdn_Red,

Are things running ok now?

Now for the good news,

Congratulations, your logs appear clean!! :)

Clean up

Follow these steps to uninstall Combofix and the tools used in the removal of malware:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it. There are other free alternatives, FIREFOX and OPERA; both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

You should have a good anti-spyware program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware.

MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites, etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

WinPatrol - Download and install the free version of WinPatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Spring Cleaning

TFC - Temp File Cleaner by OldTimer - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders

Auslogics Disc Defrag or JKDefrag - Two good disc defragmenters for you to choose from.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place
  • 0

#75
Cdn_Red

    Member

  • Topic Starter
  • Member
  • 37 posts
Things have been running GREAT! Thank you so, so much for your help and for the advice. I have passed it along to the concerned party as well...

I have long been a fan of Firefox. I have been lucky and been virus- or malware-free for a long time but will still really benefit from your advice. There are some sneaky things out there!

Again, thank you so much.
  • 0





