Inaccessible sites usually present some version of "server not found".
I cannot access many of my book-marked sites. The URLs are good.
I can access a few sites, including Google, The Drudge Report and Geeks to Go.
From a search, it is hit or miss, whether any individual link will take me to the respective site.
A WIFI connection provided normal access.
The problem affects DSL connections, as well as a 2-way satellite connection, with a phone line for upload, and the satellite for download.
This problem started when I downloaded Firefox 3.5, Summer 2009.
About the same time, I updated Windows Vista, and acquired Internet Explorer v. 8, in the process?
There was no improvement, with updates to Firefox 3.5.1 and 3.5.2.
There was no improvement when reverting back to version 3, or the latest update to version 2.
The current version is Firefox 3.6.3, and I just updated Windows.
I just uninstalled Comodo Internet Security, since I had issues with current and previous versions. May be operator error ...
And, I've just downloaded Avast, to install later. SuperAntiSpyware shows no problems.
There are others with the same or similar problem, and no solution.
I do not think this is a problem with Firefox or malware, since I had no problems, at the time of the download and installation.
I believe I have followed the steps noted in the guidelines, with the exception of GMER. I'm posting the result from the original scan.
After a half dozen attempts, last night, I gave up. The last 2 or 3 attempts resulted in the BSOD - Blue Screen & reboot.
Any ideas?
Ran TFC, ERUNT & SuperAntiSpyware.
The problem continues, after re-booting.
Malwarebytes' Anti-Malware 1.44
Database version: 3704
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18702
4/9/2010 1:21:23 AM
mbam-log-2010-04-09 (01-21-23).txt
Scan type: Quick Scan
Objects scanned: 99944
Time elapsed: 5 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Process lsass.exe Local Security Authority Process (Microsoft) started consuming 99% of CPU power.
I'm not sure if the high cpu consumption started before, or at the time that I seemed to accidentally hit the save button, to save the presentation from the initial load of GMER.
The first time I ran GMER, there was no problem.
I've hardly used the computer, since the Summer of 2009. And very little, since the original scan.
I finally killed the lsass.exe process, then, Windows Logon Application started consuming 50% of the CPU. Host Process for Windows Services started consuming 40% to 49% of the cpu, when I loaded the Services
I could not find this lsass.exe process in the computer's Services Control screen.
Peer functions are all disabled.
I gave up on this session of GMER
GMER Scan Log - January 31, 2010
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-31 18:03:20
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\me\AppData\Local\Temp\pxldypoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\tdx \Device\Tcp socketlock.sys
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\tdx \Device\RawIp6 socketlock.sys
Device \Driver\tdx \Device\Tcp6 socketlock.sys
Device \Driver\tdx \Device\Tdx socketlock.sys
Device \Driver\tdx \Device\Udp socketlock.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\tdx \Device\RawIp socketlock.sys
Device \Driver\tdx \Device\Udp6 socketlock.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
From the efforts of Friday night...
2nd Blue Screen - BSOD
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033
Additional information about the problem:
BCCode: 10000050
BCP1: A805800B
BCP2: 00000000
BCP3: 9CE47F60
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\Mini041010-02.dmp
C:\Users\me\AppData\Local\Temp\WER-43820-0.sysdata.xml
C:\Users\me\AppData\Local\Temp\WERCD1D.tmp.version.txt
I had other issues with Comodo Internet Security, and uninstalled it.
On re-boot, I was able to access a forum that I had been unable to get into.
After loading a handful of threads, I got the "server not found" error page, and could no longer load threads.
OTL
OTL logfile created on: 4/10/2010 2:50:27 AM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\me\Desktop\Tech\Applications
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.23 Gb Total Space | 30.93 Gb Free Space | 38.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.88% Space Free | Partition Type: NTFS
Drive E: | 2.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 15.41 Mb Total Space | 15.41 Mb Free Space | 100.00% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive V: | 78.24 Mb Total Space | 71.09 Mb Free Space | 90.86% Space Free | Partition Type: FAT
Computer Name: ME-PC
Current User Name: me
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/31 16:40:11 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\me\Desktop\Tech\Applications\OTL.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:33 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2007/12/12 01:02:14 | 000,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2007/12/12 01:02:12 | 003,444,736 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2007/12/12 01:01:26 | 002,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2007/09/07 13:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 13:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/04/27 19:35:28 | 000,857,648 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/02/14 11:35:36 | 000,124,488 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\BACS\BacsTray.exe
PRC - [2006/11/05 12:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2006/08/04 19:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
========== Modules (SafeList) ==========
MOD - [2010/01/31 16:40:11 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\me\Desktop\Tech\Applications\OTL.exe
MOD - [2008/01/19 02:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (gupdate1c98d2b2e13c40e) Google Update Service (gupdate1c98d2b2e13c40e)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/12 01:02:14 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2007/09/07 13:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 16:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/08/14 03:40:52 | 000,593,920 | ---- | M] (ATI Technologies Inc.) [On_Demand | Stopped] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2007/07/11 09:15:58 | 000,202,800 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/13 01:23:18 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/03/13 01:23:18 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/08 15:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [On_Demand | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/05 12:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 12:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/09/14 15:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/08/04 19:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.7
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}:6.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.6
FF - prefs.js..extensions.enabledItems: {A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}:2.1.73
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.5
FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:3.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/31 22:54:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/31 22:54:47 | 000,000,000 | ---D | M]
[2010/01/31 01:17:26 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Extensions
[2010/04/09 01:23:04 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/03/02 21:13:01 | 000,000,000 | ---D | M] (RSS Ticker) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/03/02 23:09:56 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/03/02 21:12:59 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{69574B2C-CFBB-469f-9E09-90DCEEBAAC9D}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/03/02 21:13:03 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{8585C31E-1E94-4498-ACEC-CB913A05FC52}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{91F18F4A-F54E-11DA-87E0-B9A0C6649067}
[2010/03/02 21:13:04 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{A4BD3865-2EAB-456F-8CC5-94616F8F65D3}
[2010/03/02 21:13:02 | 000,000,000 | ---D | M] (Date Picker/Calendar) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
[2010/03/02 21:13:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/03/02 21:13:01 | 000,000,000 | ---D | M] (QuickNote) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2010/03/02 21:13:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/02 21:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/11/23 04:11:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{d84a846d-f7cb-4187-a408-b171020e8940}
[2010/03/02 21:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/11/23 04:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2009/11/23 04:11:55 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2010/03/02 21:13:00 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2010/03/02 21:13:02 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2010/03/02 21:13:00 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2010/03/02 21:13:02 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2010/03/03 17:01:23 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]
[2009/11/23 04:11:55 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]\content
[2009/11/23 04:11:55 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]\defaults
[2009/11/23 04:11:55 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\06lrcbk0.default\extensions\[email protected]\locale
[2009/11/22 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles(392)\bhl7uhbf.default\extensions
[2009/08/12 23:28:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles(392)\bhl7uhbf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/31 01:17:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/01/31 22:50:34 | 000,619,896 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16418 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserFolderInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontSetAutoplayCheckbox = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 207 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.del...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cp...ddObjSigned.cab (HPSDDX Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} http://91.199.104.31...ActiveQscan.cab (Confirmation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 205.167.142.102
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents\2 Photos\1 Edited Images\North Pole SunSet.jpg
O24 - Desktop BackupWallPaper: C:\Documents\2 Photos\1 Edited Images\North Pole SunSet.jpg
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Users\me\Desktop\Tech\procexp.exe (Sysinternals)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/09/28 15:38:42 | 000,001,046 | ---- | M] () - V:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2008/01/10 05:55:48 | 000,001,046 | ---- | M] () - V:\autoexec.bat -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/20 04:21:18 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/04/09 20:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/04/09 03:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/09 03:49:31 | 000,000,000 | ---D | C] -- C:\Users\me\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/09 03:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/09 03:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/06/06 14:01:16 | 000,262,144 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll
========== Files - Modified Within 14 Days ==========
[2010/04/10 02:50:33 | 003,145,728 | ---- | M] () -- C:\Users\me\ntuser.dat
[2010/04/10 02:38:36 | 000,734,432 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/10 02:38:36 | 000,625,820 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/10 02:38:36 | 000,113,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/10 02:34:45 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/10 02:34:45 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/10 02:33:27 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/04/10 02:33:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/10 02:33:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/10 02:33:08 | 2011,172,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/10 01:31:39 | 000,320,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/10 01:29:46 | 000,524,288 | -HS- | M] () -- C:\Users\me\ntuser.dat{aa33bf11-150d-11df-8243-001d09b41017}.TMContainer00000000000000000001.regtrans-ms
[2010/04/10 01:29:46 | 000,065,536 | -HS- | M] () -- C:\Users\me\ntuser.dat{aa33bf11-150d-11df-8243-001d09b41017}.TM.blf
[2010/04/10 01:29:44 | 002,486,453 | -H-- | M] () -- C:\Users\me\AppData\Local\IconCache.db
[2010/04/10 01:21:22 | 000,000,817 | ---- | M] () -- C:\prefs.js
[2010/04/10 01:09:28 | 000,083,224 | ---- | M] () -- C:\Users\me\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/10 00:13:37 | 001,117,857 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2010/04/09 20:23:16 | 000,000,130 | ---- | M] () -- C:\Windows\cfplogvw.INI
========== Files Created - No Company Name ==========
[2010/04/10 01:21:22 | 000,000,817 | ---- | C] () -- C:\prefs.js
[2010/04/09 03:46:09 | 2011,172,864 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/08 03:51:07 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009/07/18 22:19:08 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2008/08/10 18:06:19 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2008/06/29 16:23:58 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008/05/25 18:32:04 | 000,000,428 | ---- | C] () -- C:\Users\me\AppData\Roaming\testtool.ini
[2008/05/11 18:38:17 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP7311.INI
[2008/05/04 11:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008/04/24 15:59:10 | 000,024,227 | ---- | C] () -- C:\Users\me\AppData\Roaming\UserTile.png
[2008/04/07 15:10:31 | 000,007,291 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/03/29 04:22:25 | 000,003,712 | ---- | C] () -- C:\Windows\System32\socketlock.sys
[2008/03/27 00:09:12 | 000,000,164 | ---- | C] () -- C:\Windows\wininit.ini
[2008/03/25 12:34:41 | 000,007,944 | ---- | C] () -- C:\Users\me\AppData\Local\d3d9caps.dat
[2008/03/24 20:24:16 | 000,040,448 | ---- | C] () -- C:\Users\me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/10 09:13:14 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/10 09:13:12 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/10 09:13:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/10 01:49:10 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
========== LOP Check ==========
[2008/10/10 03:45:20 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Image Zone Express
[2008/09/06 22:14:45 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\ImgBurn
[2009/09/05 12:14:49 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\IObit
[2008/03/25 13:08:18 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Opera
[2008/04/24 15:59:10 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\PeerNetworking
[2008/04/10 14:53:17 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Printer Info Cache
[2009/03/30 21:31:10 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\QuickScan
[2008/11/29 16:46:56 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\SecondLife
[2008/03/24 21:27:07 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\Smith Micro
[2008/04/16 13:37:24 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\tmp
[2008/05/25 15:32:06 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\uTorrent
[2008/04/01 23:37:02 | 000,000,000 | ---D | M] -- C:\Users\me\AppData\Roaming\WinPatrol
[2010/04/10 01:29:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
< MD5 for: ATAPI.SYS >
< MD5 for: CNGAUDIT.DLL >
< MD5 for: IASTORV.SYS >
< MD5 for: NETLOGON.DLL >
< MD5 for: NVSTOR.SYS >
< MD5 for: SCECLI.DLL >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2007/12/12 01:01:24 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2008/01/19 02:33:59 | 001,208,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\comsvcs.dll
[2008/01/19 02:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 02:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
========== Alternate Data Streams ==========
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >