First, a log of the Security Task Manager running processes list:
Security Task Manager: Computer MICHAEL-PC, User Michael, 4/26/2010 8:54:56 PM
Name Rating PID CPU Memory Active File Type Start Title, Description Manufacturer : product
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} 52% DLL when programs start <invalid registry entry> (monitors program starts) -
< smss.exe > 42% 308 < smss.exe - Services > Program 6:50:26PM -
< csrss.exe > 42% 448 < csrss.exe - Services > Program 6:50:31PM -
< csrss.exe > 42% 516 < csrss.exe - Access is denied > Program 6:50:32PM -
< services.exe >42% 548 < services.exe - Services > 6:50:32PM -
< lsm.exe > 42% 572 < lsm.exe - Services >Program 6:50:32 PM -
< winlogon.exe >42% 456 < winlogon.exe - Access is denied > Program 6:50:34 PM -
< nvvsvc.exe > 42% 1412 < nvvsvc.exe - Access is denied > Program 6:50:36 PM by NVIDIA Driver Helper Service, Version 186.52 NvSvc -
? 42% 2380 6.4 MB ? Program 6:50:48 PM by < services.exe > Task Host Window -
< ccsvchst.exe > 42% 2404 < ccsvchst.exe - Access is denied > Program 6:50:49 PM by Symantec Service Framework ccSvcHst -
? 42% 2468 5.7 MB ? Program 6:50:49 PM DWM Notification Window -
? 42% 2540 6.0 MB ? Program 6:53:45PM -
NVIDIA Driver Helper Service, Version 186.52 37% 728 C:\Windows\system32\nvvsvc.exe Program 6:50:33 PM by < services.exe > NVIDIA Corporation : NVIDIA Driver Helper Service, Version 186.52
coIEPlugIn 35% C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coIEPlg.dll Internet when Internet Explorer starts Symantec NCO BHO · Symantec NCO BHO (Browser Extension) Symantec Corporation : Norton Confidential
IPS Browser Helper DLL 35% C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\IPSBHO.DLL Internet when Internet Explorer starts Symantec Intrusion Prevention · Symantec.IPS.WebProtection.1 (Browser Extension) Symantec Corporation : Symantec Intrusion Detection
TCP/IP NetBIOS Helper (LmHosts) 29% < Registry Access is denied, Admin rights missing > Service during system start-up by svchost.exe Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -
Network Location Awareness (nlasvc) 29% < Registry Access is denied, Admin rights missing > Service during system start-up by svchost.exe Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -
Symantec Service Framework 23% 1364 C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe Program 6:50:36 PM by < services.exe > Symantec Corporation : Symantec Security Technologies
mbamgui.exe 21% C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe Program when Windows starts, Registry: Machine\RunOnce Malwarebytes' Anti-Malware (not active) -
? 14% 2512 53.2 MB 0:18 ? Program 6:50:49 PM Downloads -
Firefox 9% 1236 98.1 MB 0:41 C:\Program Files (x86)\Mozilla Firefox\firefox.exe Program 8:22:46 PM by ? Download Security Task Manager - detect and remove trojans, spyware and malware - Mozilla Firefox Mozilla Corporation : Firefox
Security Task Manager 5% 1752 7% 19.0 MB 0:02 C:\Program Files\Security Task Manager\TaskMan.exe Program 8:54:44 PM by ? Security Task Manager A. & M. Neuber Software : Security Task Manager
From HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:22:38 PM, on 4/26/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...c0z1l5a4831v25r
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...c0z1l5a4831v25r
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coIEPlg.dll
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} (Cisco Systems WebVPN Relay Loader) - https://umhcremote.u...COL /relayp.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://172.26.179.1...tall/msxml4.cab
O16 - DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} (Centricity Web ViewApp Control 3.0 SPa05) - https://172.26.179.1...l/amiviewer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SuperSpy\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 4974 bytes
The Malwarebytes log file:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4041
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
4/26/2010 7:19:13 PM
mbam-log-2010-04-26 (19-19-13).txt
Scan type: Full scan (C:\|)
Objects scanned: 188491
Time elapsed: 23 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
The GMER program gives an error upon start, saying
"C:\Windows\system32\config\system: The system cannot find the file specified."
After I push the Scan button, I get another error message saying "C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process."
I'm not sure how to ascertain which process might be using it...
it completes the scan saying it found any system modification.
The OTL log:
OTL logfile created on: 4/26/2010 8:19:18 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Michael\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 380.86 Gb Free Space | 83.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MICHAEL-PC
Current User Name: Michael
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/04/26 20:16:25 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccsvchst.exe
========== Modules (SafeList) ==========
MOD - [2010/04/26 20:16:25 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
MOD - [2009/07/13 20:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/04/26 09:44:28 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/07/13 20:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 20:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 20:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 20:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 20:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 20:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 20:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 20:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 20:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 20:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 20:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 20:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 20:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2007/02/12 19:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ccSvcHst.exe -- (N360)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 22:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 15:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:15:04 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/10 15:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/03/29 14:03:11 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/02/26 21:23:54 | 000,149,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/02/26 21:23:21 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/02/26 21:23:21 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/25 18:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/11/26 01:41:48 | 000,221,232 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2009/11/21 19:43:47 | 000,451,120 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2009/10/14 22:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 20:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 20:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 20:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 20:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 20:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/13 19:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 19:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 19:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 19:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 19:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 19:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 19:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 19:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 19:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 19:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2009/07/13 19:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 19:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 19:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 19:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 19:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 19:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 18:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 18:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 18:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 18:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 18:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 18:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 18:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/18 23:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:15:04 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/06/10 16:15:04 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/20 04:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/14 11:51:40 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/05/07 17:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009/05/07 17:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV - [2010/03/29 01:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100426.024\EX64.SYS -- (NAVEX15)
DRV - [2010/03/29 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/03/29 01:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/29 01:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100426.024\ENG64.SYS -- (NAVENG)
DRV - [2010/03/24 15:38:07 | 000,678,960 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/11/16 19:51:14 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100422.002\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 16:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 16:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009/06/10 16:15:04 | 000,094,208 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\mdmxsdk.dll -- (mdmxsdk)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...c0z1l5a4831v25r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...c0z1l5a4831v25r
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...c0z1l5a4831v25r
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.drudgereport.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/26 14:28:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/26 14:28:44 | 000,000,000 | ---D | M]
[2010/04/26 14:29:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2010/04/26 14:39:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\lyipe9tb.default\extensions
[2010/04/26 14:36:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\lyipe9tb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/26 14:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\lyipe9tb.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/04/26 14:35:59 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\lyipe9tb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/26 14:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\lyipe9tb.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2010/04/26 14:35:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\lyipe9tb.default\extensions\[email protected]
[2010/04/26 14:28:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/04/26 18:30:41 | 000,000,938 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://umhcremote.u...COL /relayp.cab (Cisco Systems WebVPN Relay Loader)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} https://172.26.179.1...tall/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {988E583E-D78B-4BC5-8011-7F6674484D9C} https://172.26.179.1...l/amiviewer.cab (Centricity Web ViewApp Control 3.0 SPa05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SuperSpy\SASWINLO.dll - C:\Program Files (x86)\SuperSpy\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f562a61e-4fa1-11df-aa82-00262d5b36c3}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/09/23 16:21:09 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 90 Days ==========
[2010/04/26 18:54:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2010/04/26 18:54:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/26 18:54:18 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/26 18:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/26 18:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/26 17:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/26 17:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperSpy
[2010/04/26 17:18:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/26 16:38:05 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/04/26 16:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/04/26 15:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Revo Uninstaller
[2010/04/26 15:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/04/26 15:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2010/04/26 14:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/04/26 14:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/04/26 13:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010/04/26 10:58:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/04/26 10:58:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/04/26 09:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/04/20 08:35:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Adobe
[2010/04/15 10:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NovaRad
[2010/04/10 13:42:58 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Google
[2010/04/09 09:42:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ICAClient
[2010/04/09 09:42:01 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Citrix
[2010/04/07 10:30:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Diagnostics
[2010/04/07 10:19:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ElevatedDiagnostics
[2010/04/06 19:09:39 | 000,615,040 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\cchpx64.sys
[2010/04/06 19:09:39 | 000,505,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.sys
[2010/04/06 19:09:39 | 000,451,120 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symtdiv.sys
[2010/04/06 19:09:39 | 000,433,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symds64.sys
[2010/04/06 19:09:39 | 000,221,232 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symefa64.sys
[2010/04/06 19:09:39 | 000,149,552 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\ironx64.sys
[2010/04/06 19:09:39 | 000,032,304 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtspx64.sys
[2010/04/06 19:09:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0401000.020
[2010/04/05 21:35:27 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Ventrilo
[2010/04/05 19:31:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Blizzard Entertainment
[2010/04/05 19:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/04/05 19:21:10 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Winamp
[2010/04/05 17:56:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Deployment
[2010/04/05 17:56:34 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apps
[2010/04/05 17:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\plugins
[2010/04/05 17:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/04/05 17:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/04/05 17:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/04/05 17:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/04/05 17:36:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Microsoft Help
[2010/04/05 17:36:16 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/05 16:54:19 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Radiology
[2010/03/31 08:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/03/30 12:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment.aa2c2fe5.temp
[2010/03/30 11:55:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\CrashDumps
[2010/03/30 08:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment.temp
[2010/03/29 14:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010/03/29 14:05:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Symantec
[2010/03/29 14:03:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/03/29 14:03:12 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/03/29 14:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/03/29 14:02:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2010/03/29 14:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2010/03/29 14:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010/03/29 13:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/03/29 13:22:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
========== Files - Modified Within 90 Days ==========
[2010/04/26 20:19:46 | 005,242,880 | -HS- | M] () -- C:\Users\Michael\NTUSER.DAT
[2010/04/26 20:13:27 | 000,293,376 | ---- | M] () -- C:\Users\Michael\Desktop\gmer.exe
[2010/04/26 20:09:08 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 20:09:08 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 19:23:12 | 001,091,950 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\Cat.DB
[2010/04/26 18:54:22 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/26 18:52:24 | 000,000,708 | ---- | M] () -- C:\Users\Michael\Desktop\NTREGOPT.lnk
[2010/04/26 18:52:24 | 000,000,689 | ---- | M] () -- C:\Users\Michael\Desktop\ERUNT.lnk
[2010/04/26 18:50:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/26 18:50:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/26 18:50:27 | 3217,244,160 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/26 18:49:52 | 002,143,438 | -H-- | M] () -- C:\Users\Michael\AppData\Local\IconCache.db
[2010/04/26 18:30:41 | 000,000,938 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/04/26 18:00:50 | 000,559,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/26 18:00:50 | 000,088,868 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/26 17:39:10 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2010/04/26 17:18:32 | 000,001,016 | ---- | M] () -- C:\Users\Michael\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/26 16:37:02 | 000,392,792 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100426-183041.backup
[2010/04/26 16:34:32 | 000,000,017 | ---- | M] () -- C:\Users\Michael\AppData\Local\resmon.resmoncfg
[2010/04/26 15:47:14 | 000,000,870 | ---- | M] () -- C:\Users\Michael\Desktop\Revo Uninstaller.lnk
[2010/04/26 15:02:53 | 000,000,880 | ---- | M] () -- C:\Users\Michael\Desktop\Ventrilo.lnk
[2010/04/26 14:40:56 | 000,001,852 | ---- | M] () -- C:\Users\Michael\Desktop\CCleaner.lnk
[2010/04/26 14:28:45 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/26 14:04:37 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/25 14:39:28 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/10 13:43:14 | 000,002,490 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/07 10:11:11 | 000,425,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/07 08:13:52 | 000,002,355 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/04/05 19:21:41 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/04/05 17:56:56 | 000,000,312 | ---- | M] () -- C:\Users\Michael\Desktop\Curse Client.appref-ms
[2010/04/05 17:56:26 | 000,110,832 | ---- | M] () -- C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/05 17:37:05 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/03/31 09:00:58 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/29 14:03:11 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/03/29 14:03:11 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/03/29 14:03:11 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/03/26 20:39:52 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\isolate.ini
[2010/03/01 22:32:06 | 000,007,414 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtspx64.cat
[2010/03/01 22:32:06 | 000,007,410 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.cat
[2010/02/26 21:23:54 | 000,149,552 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\ironx64.sys
[2010/02/26 21:23:54 | 000,007,402 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\iron.cat
[2010/02/26 21:23:54 | 000,000,771 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\iron.inf
[2010/02/26 21:23:21 | 000,505,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.sys
[2010/02/26 21:23:21 | 000,032,304 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtspx64.sys
[2010/02/26 21:23:21 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.inf
[2010/02/26 21:23:21 | 000,001,421 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtspx64.inf
[2010/02/25 18:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0401000.020\cchpx64.sys
[2010/02/25 12:54:48 | 000,007,358 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\cchpx64.cat
[2010/02/05 15:52:57 | 000,001,838 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\cchpx64.inf
========== Files Created - No Company Name ==========
[2010/04/26 18:54:22 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/26 18:52:24 | 000,000,708 | ---- | C] () -- C:\Users\Michael\Desktop\NTREGOPT.lnk
[2010/04/26 18:52:24 | 000,000,689 | ---- | C] () -- C:\Users\Michael\Desktop\ERUNT.lnk
[2010/04/26 17:39:10 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2010/04/26 17:18:31 | 000,001,016 | ---- | C] () -- C:\Users\Michael\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/26 16:34:32 | 000,000,017 | ---- | C] () -- C:\Users\Michael\AppData\Local\resmon.resmoncfg
[2010/04/26 15:47:14 | 000,000,870 | ---- | C] () -- C:\Users\Michael\Desktop\Revo Uninstaller.lnk
[2010/04/26 15:02:53 | 000,000,880 | ---- | C] () -- C:\Users\Michael\Desktop\Ventrilo.lnk
[2010/04/26 14:40:56 | 000,001,852 | ---- | C] () -- C:\Users\Michael\Desktop\CCleaner.lnk
[2010/04/26 14:28:45 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/20 08:37:17 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/10 13:43:14 | 000,002,490 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/07 08:13:28 | 001,091,950 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\Cat.DB
[2010/04/06 19:09:39 | 000,007,787 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symnetv64.cat
[2010/04/06 19:09:39 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtspx64.cat
[2010/04/06 19:09:39 | 000,007,412 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symefa64.cat
[2010/04/06 19:09:39 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.cat
[2010/04/06 19:09:39 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symds64.cat
[2010/04/06 19:09:39 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\iron.cat
[2010/04/06 19:09:39 | 000,007,368 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symnet64.cat
[2010/04/06 19:09:39 | 000,003,374 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symefa.inf
[2010/04/06 19:09:39 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symds.inf
[2010/04/06 19:09:39 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\cchpx64.inf
[2010/04/06 19:09:39 | 000,001,473 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symnetv.inf
[2010/04/06 19:09:39 | 000,001,445 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\symnet.inf
[2010/04/06 19:09:39 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtsp64.inf
[2010/04/06 19:09:39 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\srtspx64.inf
[2010/04/06 19:09:39 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\iron.inf
[2010/04/06 19:09:38 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\cchpx64.cat
[2010/04/06 19:09:20 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0401000.020\isolate.ini
[2010/04/05 19:21:41 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010/04/05 17:56:56 | 000,000,312 | ---- | C] () -- C:\Users\Michael\Desktop\Curse Client.appref-ms
[2010/03/31 08:16:07 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/03/29 14:03:12 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/03/29 14:03:12 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/03/29 14:03:10 | 000,002,355 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2009/10/27 10:59:33 | 000,001,561 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/27 10:34:21 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/09/23 01:14:29 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/09/23 01:14:29 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/09/23 01:14:27 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/09/23 01:14:27 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/09/23 01:14:27 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 11:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 11:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
========== LOP Check ==========
[2010/04/09 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ICAClient
[2009/07/14 00:08:49 | 000,014,390 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 15:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/04/26 18:50:27 | 3217,244,160 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/26 18:50:31 | 4289,658,880 | -HS- | M] () -- C:\pagefile.sys
[2009/09/29 04:58:13 | 000,000,429 | RHS- | M] () -- C:\Patch.rev
[2010/01/11 14:10:22 | 000,000,184 | RHS- | M] () -- C:\Preload.rev
[2009/10/27 10:22:53 | 000,003,013 | ---- | M] () -- C:\RHDSetup.log
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
< End of report >
I just can't figure out how to get rid of these root-level "file missing" registry items or these persistent running processes. Thanks for the consideration.
Cheers,
M