lsass.exe cpu 100% no networking


This topic is locked

#1
johonn
First symptom noticed was no networking on the machine. Microsoft Security Essentials turned off and we were unable to turn it back on. USB recognition is spotty. lsass.exe consuming 100% of CPU in Safe Mode. Ran scans as instructed in the malware removal guide. We couldn't find a logfile for the MBAM scan. We ran a GMER scan with no results. Now we're in normal Windows mode and lsass.exe is not acting the same - no idea what is going on here, but weird things are happening like copy/paste disabled. So... here is the one OTL logfile we were able to obtain. Only one was created. Thanks!

OTL logfile created on: 9/14/2010 8:30:27 PM - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = J:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 465.76 Gb Total Space | 161.02 Gb Free Space | 34.57% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 182.84 Gb Free Space | 26.17% Space Free | Partition Type: NTFS
Drive E: | 55.83 Gb Total Space | 8.36 Gb Free Space | 14.98% Space Free | Partition Type: NTFS
Drive F: | 57.26 Gb Total Space | 56.56 Gb Free Space | 98.78% Space Free | Partition Type: NTFS
Drive G: | 152.66 Gb Total Space | 121.51 Gb Free Space | 79.60% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 0.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 970.74 Mb Total Space | 970.18 Mb Free Space | 99.94% Space Free | Partition Type: FAT32

Computer Name: DEEPWOOD
Current User Name: Donovan Gerrans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/14 20:23:10 | 000,576,000 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- G:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\explorer.exe
PRC - [2006/04/03 13:57:20 | 000,159,744 | ---- | M] () -- G:\Program Files\OKIDATA\OKI LPR Utility\Okilpr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/14 20:23:10 | 000,576,000 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- G:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- G:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- G:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/04/13 17:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- G:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2004/02/29 23:00:00 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Stopped] -- G:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE -- (DCSLoader)
SRV - [2002/09/03 10:06:31 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- G:\WINDOWS\System32\drivers\lgjfcxbv.sys -- (askf)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- G:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/08/14 03:04:36 | 000,138,496 | ---- | M] () [Kernel | System | Stopped] -- G:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 04:51:12 | 000,361,600 | ---- | M] () [Kernel | System | Stopped] -- G:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 12:21:00 | 000,162,816 | ---- | M] () [Kernel | System | Stopped] -- G:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 11:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/04/24 16:58:00 | 001,271,706 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- G:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 07:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/17 06:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - G:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.30
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/26 16:39:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2010/09/11 22:15:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2010/09/08 14:55:33 | 000,000,000 | ---D | M]

[2010/06/14 01:39:23 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Extensions
[2010/09/09 22:21:00 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions
[2010/06/23 18:50:32 | 000,000,000 | ---D | M] (Vista-aero) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/08/31 20:02:47 | 000,000,000 | ---D | M] (FlashGot) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/30 18:26:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/27 18:29:45 | 000,000,000 | ---D | M] (DownloadHelper) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/07 19:57:27 | 000,000,000 | ---D | M] (DownThemAll!) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/24 16:41:55 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\[email protected]
[2010/06/23 18:50:31 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/09/09 13:54:29 | 000,000,000 | ---D | M] -- G:\Program Files\Mozilla Firefox\extensions
[2010/05/24 18:49:08 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2004/09/27 07:52:48 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/31 07:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- G:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2010/04/08 09:36:02 | 000,107,760 | ---- | M] () -- G:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2002/09/03 09:34:19 | 000,000,734 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - G:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - G:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - G:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [LogonStudio] G:\Program Files\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] G:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] G:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] G:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] G:\Program Files\RealMedia\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [YXE7DXCQ37] G:\DOCUME~1\DONOVA~1\LOCALS~1\Temp\Wqh.exe File not found
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\OKI LPR Utility.lnk = G:\Program Files\OKIDATA\OKI LPR Utility\Okilpr.exe ()
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = G:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: G:\Documents and Settings\Donovan Gerrans\Start Menu\Programs\Startup\ImpulseNow.lnk = G:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - G:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - G:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - G:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - G:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1276501468140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: DirectAnimation Java Classes file://G:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://G:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - G:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - G:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - G:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/13 22:56:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/29 14:54:51 | 000,000,000 | ---D | M] - D:\Autodesk Architectural Desktop 2004 -- [ NTFS ]
O32 - AutoRun File - [2006/10/29 11:41:34 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - G:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - G:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - G:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - G:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - G:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - G:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - G:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - G:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - G:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - G:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - G:\WINDOWS\System32\ir32_32.dll ()
Drivers32: wave - G:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Unable to start service RpcSs!

========== Files/Folders - Created Within 90 Days ==========

[2010/09/12 08:40:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/12 08:40:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbam.sys
[2010/09/11 22:35:32 | 000,000,000 | ---D | C] -- G:\WINDOWS\ERDNT
[2010/09/11 22:34:56 | 000,000,000 | ---D | C] -- G:\Program Files\ERUNT
[2010/09/10 22:12:04 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\PCHealth
[2010/09/09 19:17:47 | 000,219,136 | ---- | C] (Don HO [email protected]) -- G:\WINDOWS\Wjyfua.exe
[2010/09/02 22:55:37 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\ArcSoft
[2010/09/02 21:03:09 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Thinstall
[2010/08/16 22:07:24 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\SlySoft
[2010/08/16 22:05:33 | 000,000,000 | ---D | C] -- G:\Program Files\SlySoft
[2010/07/30 19:53:14 | 000,000,000 | ---D | C] -- G:\Program Files\DCoder Image Source
[2010/07/30 19:53:01 | 000,000,000 | ---D | C] -- G:\Program Files\FFMPEG Core Files
[2010/07/30 19:52:51 | 000,000,000 | ---D | C] -- G:\Program Files\SHOUTcast Source
[2010/07/30 19:52:50 | 000,000,000 | ---D | C] -- G:\Program Files\MONOGRAM AMR SplitterDecoder
[2010/07/30 19:52:48 | 000,000,000 | ---D | C] -- G:\Program Files\CD Audio Reader Filter
[2010/07/30 19:52:47 | 000,000,000 | ---D | C] -- G:\Program Files\OpenSource AVI Splitter
[2010/07/30 19:52:45 | 000,000,000 | ---D | C] -- G:\Program Files\Gabest MPEG Splitter
[2010/07/30 19:52:43 | 000,000,000 | ---D | C] -- G:\Program Files\OpenSource DTSAC3DD+ Source Filter
[2010/07/30 19:52:35 | 000,000,000 | ---D | C] -- G:\Program Files\RealMedia
[2010/07/30 19:52:14 | 000,000,000 | ---D | C] -- G:\Program Files\DScaler5
[2010/07/30 19:52:07 | 000,000,000 | ---D | C] -- G:\Program Files\AC3Filter
[2010/07/30 19:51:55 | 000,000,000 | ---D | C] -- G:\Program Files\OpenSource Flash Video Splitter
[2010/07/30 19:51:51 | 000,000,000 | ---D | C] -- G:\Program Files\DirectVobSub
[2010/07/30 19:51:46 | 000,000,000 | ---D | C] -- G:\Program Files\Haali
[2010/07/30 19:51:32 | 000,000,000 | ---D | C] -- G:\Program Files\Bass Audio Decoder
[2010/07/30 19:51:03 | 000,000,000 | ---D | C] -- G:\Program Files\ffdshow
[2010/07/30 18:21:27 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\HpUpdate
[2010/07/30 18:21:25 | 000,000,000 | ---D | C] -- G:\WINDOWS\Hewlett-Packard
[2010/07/30 13:17:58 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Google
[2010/07/26 16:39:11 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\xing shared
[2010/07/26 16:38:45 | 000,000,000 | ---D | C] -- G:\Program Files\Real
[2010/07/26 16:38:44 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Real
[2010/07/26 16:38:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Real
[2010/07/26 16:38:42 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Real
[2010/07/26 16:35:03 | 000,000,000 | ---D | C] -- G:\Program Files\iPod
[2010/07/16 18:06:35 | 000,000,000 | ---D | C] -- G:\WINDOWS\Sun
[2010/07/16 18:06:28 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Sun
[2010/07/16 18:02:48 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Sun
[2010/07/12 20:41:09 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Documents\microsoft
[2010/07/12 20:40:00 | 000,000,000 | ---D | C] -- G:\Program Files\MSECache
[2010/07/09 15:55:53 | 000,000,000 | ---D | C] -- G:\WINDOWS\Minidump
[2010/07/09 03:00:24 | 000,000,000 | ---D | C] -- G:\Program Files\MSXML 4.0
[2010/07/07 21:48:32 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\HP
[2010/07/07 21:37:27 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\HP
[2010/07/07 21:36:06 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/07/07 21:36:05 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\HP
[2010/07/07 21:35:06 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Hewlett-Packard
[2010/07/07 21:35:05 | 000,000,000 | ---D | C] -- G:\Program Files\Hewlett-Packard
[2010/07/07 21:34:25 | 000,000,000 | ---D | C] -- G:\Program Files\HP
[2010/07/06 14:46:36 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Search Settings
[2010/07/06 14:46:34 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\pdfforge
[2010/07/06 14:20:39 | 000,000,000 | ---D | C] -- G:\Program Files\Application Updater
[2010/07/06 14:20:38 | 000,000,000 | ---D | C] -- G:\Program Files\pdfforge Toolbar
[2010/07/06 14:20:05 | 000,000,000 | ---D | C] -- G:\Program Files\PDFCreator
[2010/07/01 21:52:08 | 000,000,000 | ---D | C] -- G:\spoolerlogs
[2010/06/29 22:21:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\Aston2
[2010/06/29 22:21:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Aston2
[2010/06/29 21:58:57 | 000,012,288 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\okComDLL.dll
[2010/06/29 21:58:56 | 000,245,760 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OkDrtPrn.exe
[2010/06/29 21:58:56 | 000,126,976 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OkDrtPrn.dll
[2010/06/29 21:58:56 | 000,012,288 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\fxComDLL.dll
[2010/06/29 21:58:56 | 000,012,288 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\efComDLL.dll
[2010/06/29 21:58:30 | 000,102,400 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\opnetext.dll
[2010/06/29 21:58:05 | 000,086,016 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\oklpinst.dll
[2010/06/29 21:58:05 | 000,040,960 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\oklprrsc.dll
[2010/06/29 21:58:05 | 000,023,552 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\oklprmon.dll
[2010/06/29 21:48:16 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\OkiData
[2010/06/29 21:43:11 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\InstallShield
[2010/06/29 21:36:18 | 000,000,000 | ---D | C] -- G:\Program Files\PhotoZoom Pro 3
[2010/06/29 16:48:18 | 000,000,000 | ---D | C] -- G:\Program Files\WinCustomize
[2010/06/29 16:48:18 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Stardock
[2010/06/28 19:10:40 | 000,000,000 | ---D | C] -- G:\Program Files\PowerZip
[2010/06/28 18:25:54 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Windows Search
[2010/06/27 21:30:12 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\Kolor
[2010/06/27 21:14:24 | 000,000,000 | ---D | C] -- G:\Program Files\Kolor
[2010/06/27 21:09:58 | 000,000,000 | ---D | C] -- G:\Program Files\MosaicCreator
[2010/06/27 06:56:20 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\BID
[2010/06/27 05:45:05 | 000,000,000 | R--D | C] -- G:\Documents and Settings\Donovan Gerrans\My Documents\My Videos
[2010/06/27 05:45:05 | 000,000,000 | R--D | C] -- G:\Documents and Settings\All Users\Documents\My Videos
[2010/06/25 20:53:26 | 000,000,000 | ---D | C] -- G:\Program Files\Windows Media Connect 2
[2010/06/25 20:50:47 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\xml_param
[2010/06/25 20:49:23 | 000,000,000 | ---D | C] -- G:\WINDOWS\System32\drivers\UMDF
[2010/06/25 20:49:23 | 000,000,000 | ---D | C] -- G:\WINDOWS\System32\LogFiles
[2010/06/25 20:43:49 | 000,000,000 | ---D | C] -- G:\WINDOWS\XSxS
[2010/06/25 20:43:49 | 000,000,000 | ---D | C] -- G:\Program Files\Xenocode
[2010/06/25 20:43:49 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\Xenocode
[2010/06/24 20:16:03 | 000,000,000 | ---D | C] -- G:\Program Files\Intel
[2010/06/24 17:31:50 | 000,090,112 | R--- | C] (Okidata Corporation) -- G:\WINDOWS\System32\OPDMN014.DLL
[2010/06/24 17:31:50 | 000,069,632 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPUSB010.DLL
[2010/06/24 17:31:50 | 000,065,536 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPM01LOC.DLL
[2010/06/24 17:31:50 | 000,057,344 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPSLD010.DLL
[2010/06/24 17:31:50 | 000,049,152 | R--- | C] (Okidata Corporation) -- G:\WINDOWS\System32\OPS01LOC.DLL
[2010/06/24 17:31:50 | 000,045,132 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPCLB012.DLL
[2010/06/24 17:31:50 | 000,040,960 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPDVA012.DLL
[2010/06/23 22:21:21 | 000,065,536 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPEXTUAC.DLL
[2010/06/23 22:21:21 | 000,053,248 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPUSBEXT.DLL
[2010/06/23 22:21:21 | 000,040,960 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OKLMON32.DLL
[2010/06/22 14:44:37 | 000,000,000 | ---D | C] -- G:\Program Files\Bonjour
[2010/06/21 11:42:01 | 000,000,000 | ---D | C] -- G:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/06/19 22:50:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\dwhelper
[2010/06/19 22:13:06 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- G:\WINDOWS\System32\DSndUp.exe
[2010/06/19 22:13:06 | 000,045,056 | ---- | C] (adi) -- G:\WINDOWS\System32\CleanUp.exe
[2010/06/19 22:13:06 | 000,000,000 | ---D | C] -- G:\Program Files\Analog Devices
[2010/06/19 21:58:45 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\Font Fitting Room Deluxe
[2010/06/19 21:58:39 | 000,000,000 | ---D | C] -- G:\Program Files\Font Fitting Room Deluxe
[2010/06/19 21:15:39 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Azureus
[2010/06/19 20:58:06 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft
[2010/06/19 20:57:39 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft Silverlight
[2010/06/19 20:56:18 | 000,000,000 | ---D | C] -- G:\Program Files\Vuze
[2010/06/19 20:56:18 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\i4j_jres
[2010/06/19 20:56:17 | 000,000,000 | ---D | C] -- G:\Program Files\Bing Bar Installer
[2010/06/17 21:04:18 | 000,000,000 | ---D | C] -- G:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/06/17 19:25:29 | 000,000,000 | ---D | C] -- G:\WINDOWS\Prefetch
[2010/06/17 06:27:30 | 000,000,000 | ---D | C] -- G:\WINDOWS\System32\scripting
[2010/06/17 06:27:29 | 000,000,000 | ---D | C] -- G:\WINDOWS\l2schemas
[2010/06/17 06:27:28 | 000,000,000 | ---D | C] -- G:\WINDOWS\System32\en
[2010/06/17 06:23:11 | 000,000,000 | ---D | C] -- G:\WINDOWS\network diagnostic

========== Files - Modified Within 90 Days ==========

[2010/09/14 20:17:34 | 000,000,024 | ---- | M] () -- G:\WINDOWS\LogonStudio.ini
[2010/09/14 20:15:58 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2010/09/14 19:25:09 | 000,002,206 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2010/09/13 16:32:49 | 007,077,888 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\ntuser.dat
[2010/09/13 16:32:44 | 000,000,178 | -HS- | M] () -- G:\Documents and Settings\Donovan Gerrans\ntuser.ini
[2010/09/12 08:40:03 | 000,000,724 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/12 08:40:03 | 000,000,706 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/12 07:51:07 | 000,000,006 | -H-- | M] () -- G:\WINDOWS\tasks\SA.DAT
[2010/09/12 07:37:00 | 000,000,308 | -H-- | M] () -- G:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/12 07:26:05 | 000,000,904 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/12 02:05:02 | 000,000,408 | -H-- | M] () -- G:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/11 22:34:58 | 000,000,621 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\NTREGOPT.lnk
[2010/09/11 22:34:58 | 000,000,602 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\ERUNT.lnk
[2010/09/11 22:32:41 | 000,000,298 | ---- | M] () -- G:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-507921405-362288127-682003330-1004.job
[2010/09/11 22:32:19 | 000,000,900 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/10 19:06:20 | 000,002,461 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2007.lnk
[2010/09/10 19:05:11 | 000,002,539 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2010/09/10 03:19:34 | 000,194,560 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/09 22:22:50 | 000,000,306 | ---- | M] () -- G:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-362288127-682003330-1004.job
[2010/09/09 19:17:13 | 000,219,136 | ---- | M] (Don HO [email protected]) -- G:\WINDOWS\Wjyfua.exe
[2010/09/09 16:01:36 | 000,002,541 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2010/09/03 04:20:50 | 000,000,664 | ---- | M] () -- G:\WINDOWS\System32\d3d9caps.dat
[2010/09/02 22:56:05 | 000,000,863 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to PMK.exe.lnk
[2010/08/31 20:28:45 | 000,088,596 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\My Documents\Photo of Gerrans, the Villa...tif
[2010/08/22 08:54:32 | 004,316,946 | -H-- | M] () -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\IconCache.db
[2010/08/21 20:39:30 | 000,001,739 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/16 22:31:16 | 001,175,136 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/16 22:29:02 | 000,001,374 | ---- | M] () -- G:\WINDOWS\imsins.BAK
[2010/08/16 22:26:24 | 000,523,720 | ---- | M] () -- G:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/16 22:26:24 | 000,457,646 | ---- | M] () -- G:\WINDOWS\System32\perfh009.dat
[2010/08/16 22:26:24 | 000,075,882 | ---- | M] () -- G:\WINDOWS\System32\perfc009.dat
[2010/07/30 18:57:19 | 000,000,050 | ---- | M] () -- G:\WINDOWS\cdplayer.ini
[2010/07/30 17:15:57 | 000,000,054 | ---- | M] () -- G:\WINDOWS\JascCmdFile.INI
[2010/07/26 16:35:35 | 000,001,804 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/26 16:35:35 | 000,001,804 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/26 11:42:02 | 000,000,284 | ---- | M] () -- G:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/14 03:02:17 | 000,002,555 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Access 2007.lnk
[2010/07/07 21:43:01 | 000,127,757 | ---- | M] () -- G:\WINDOWS\hpgins23.dat.temp
[2010/07/07 21:43:01 | 000,127,757 | ---- | M] () -- G:\WINDOWS\hpgins23.dat
[2010/07/07 21:37:27 | 000,001,897 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk
[2010/07/07 21:36:22 | 000,000,994 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Solution Center.lnk
[2010/07/07 21:36:22 | 000,000,994 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/07/06 14:20:14 | 000,000,734 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFCreator.lnk
[2010/07/04 19:23:29 | 000,002,491 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2010/07/02 17:55:05 | 000,427,920 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/01 21:47:05 | 000,000,106 | ---- | M] () -- G:\WINDOWS\OPHA.ini
[2010/07/01 21:45:16 | 000,017,468 | ---- | M] () -- G:\WINDOWS\System32\OPC5150N.cah
[2010/07/01 21:28:14 | 000,000,216 | ---- | M] () -- G:\WINDOWS\OPPB.INI
[2010/06/29 22:21:39 | 000,000,676 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\Aston2.lnk
[2010/06/29 21:58:06 | 000,001,651 | ---- | M] () -- G:\Documents and Settings\All Users\Start Menu\Programs\Startup\OKI LPR Utility.lnk
[2010/06/29 21:57:05 | 000,017,780 | ---- | M] () -- G:\WINDOWS\System32\OP8800.cah
[2010/06/29 21:57:05 | 000,013,332 | ---- | M] () -- G:\WINDOWS\System32\OPPB_M00.cah
[2010/06/29 21:36:30 | 000,001,442 | ---- | M] () -- G:\WINDOWS\cnzsdw-m64.ini
[2010/06/29 21:36:22 | 000,000,778 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\PhotoZoom Pro 3.lnk
[2010/06/27 21:25:34 | 000,000,893 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Autopano Giga 2.lnk
[2010/06/26 18:44:24 | 000,000,810 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/26 03:16:44 | 000,023,392 | ---- | M] () -- G:\WINDOWS\System32\nscompat.tlb
[2010/06/26 03:16:44 | 000,016,832 | ---- | M] () -- G:\WINDOWS\System32\amcompat.tlb
[2010/06/25 20:54:47 | 000,000,592 | ---- | M] () -- G:\WINDOWS\win.ini
[2010/06/25 20:50:23 | 000,316,640 | ---- | M] () -- G:\WINDOWS\WMSysPr9.prx
[2010/06/25 20:49:25 | 000,000,000 | -H-- | M] () -- G:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/24 17:52:40 | 000,034,640 | ---- | M] () -- G:\WINDOWS\System32\OPHA_M00.cah
[2010/06/21 18:18:16 | 000,048,106 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\My Documents\Melaleuca 2010 06 21.TIF
[2010/06/19 21:58:40 | 000,000,775 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\FFR Deluxe.lnk
[2010/06/19 20:57:37 | 000,001,515 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/19 20:57:37 | 000,001,515 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/06/17 21:55:52 | 000,000,000 | ---- | M] () -- G:\WINDOWS\nsreg.dat
[2010/06/17 20:38:05 | 000,002,599 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office InfoPath 2007.lnk

========== Files Created - No Company Name ==========

[2010/09/12 08:45:19 | 000,127,757 | ---- | C] () -- G:\WINDOWS\hpgins23.dat.temp
[2010/09/12 08:45:19 | 000,000,280 | ---- | C] () -- G:\WINDOWS\hpgmdl23.dat.temp
[2010/09/12 08:40:03 | 000,000,724 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/12 08:40:03 | 000,000,706 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/11 22:34:58 | 000,000,621 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\NTREGOPT.lnk
[2010/09/11 22:34:58 | 000,000,602 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\ERUNT.lnk
[2010/09/09 19:17:38 | 000,000,308 | -H-- | C] () -- G:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/07 19:08:33 | 000,001,804 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/09/02 22:56:05 | 000,000,863 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to PMK.exe.lnk
[2010/08/31 20:28:43 | 000,088,596 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\My Documents\Photo of Gerrans, the Villa...tif
[2010/08/21 20:39:30 | 000,001,739 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/30 19:52:08 | 000,497,664 | ---- | C] () -- G:\WINDOWS\System32\ac3filter.acm
[2010/07/30 19:51:06 | 000,000,547 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/07/30 19:51:05 | 000,085,504 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll
[2010/07/30 18:57:18 | 000,000,050 | ---- | C] () -- G:\WINDOWS\cdplayer.ini
[2010/07/26 16:39:40 | 000,000,298 | ---- | C] () -- G:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-507921405-362288127-682003330-1004.job
[2010/07/26 16:39:38 | 000,000,306 | ---- | C] () -- G:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-362288127-682003330-1004.job
[2010/07/26 16:35:35 | 000,001,804 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/19 22:07:19 | 000,000,664 | ---- | C] () -- G:\WINDOWS\System32\d3d9caps.dat
[2010/07/07 21:48:23 | 000,000,994 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Solution Center.lnk
[2010/07/07 21:37:27 | 000,001,897 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk
[2010/07/07 21:36:22 | 000,000,994 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/07/07 21:32:01 | 000,004,480 | ---- | C] () -- G:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/07/07 21:31:59 | 000,127,757 | ---- | C] () -- G:\WINDOWS\hpgins23.dat
[2010/07/07 21:31:59 | 000,000,280 | ---- | C] () -- G:\WINDOWS\hpgmdl23.dat
[2010/07/06 19:57:08 | 000,000,054 | ---- | C] () -- G:\WINDOWS\JascCmdFile.INI
[2010/07/06 14:20:13 | 000,000,734 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFCreator.lnk
[2010/07/06 14:20:08 | 000,116,224 | ---- | C] () -- G:\WINDOWS\System32\pdfcmnnt.dll
[2010/07/01 21:47:05 | 000,000,106 | ---- | C] () -- G:\WINDOWS\OPHA.ini
[2010/06/29 22:21:39 | 000,000,676 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\Aston2.lnk
[2010/06/29 21:58:56 | 000,032,768 | R--- | C] () -- G:\WINDOWS\System32\OkDPnRes.dll
[2010/06/29 21:58:56 | 000,025,468 | R--- | C] () -- G:\WINDOWS\System32\OKDRTPRN.HLP
[2010/06/29 21:58:56 | 000,000,121 | R--- | C] () -- G:\WINDOWS\System32\OkDrtPrn.cnt
[2010/06/29 21:58:30 | 000,010,245 | ---- | C] () -- G:\WINDOWS\System32\OPNETEXT.HLP
[2010/06/29 21:58:30 | 000,003,036 | ---- | C] () -- G:\WINDOWS\System32\opnedef.str
[2010/06/29 21:58:30 | 000,000,131 | ---- | C] () -- G:\WINDOWS\System32\opnetext.cnt
[2010/06/29 21:58:30 | 000,000,000 | ---- | C] () -- G:\WINDOWS\System32\opnetext.gid
[2010/06/29 21:58:06 | 000,001,651 | ---- | C] () -- G:\Documents and Settings\All Users\Start Menu\Programs\Startup\OKI LPR Utility.lnk
[2010/06/29 21:57:05 | 000,017,780 | ---- | C] () -- G:\WINDOWS\System32\OP8800.cah
[2010/06/29 21:57:05 | 000,013,332 | ---- | C] () -- G:\WINDOWS\System32\OPPB_M00.cah
[2010/06/29 21:57:05 | 000,000,216 | ---- | C] () -- G:\WINDOWS\OPPB.INI
[2010/06/29 21:44:11 | 007,077,888 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\ntuser.dat
[2010/06/29 21:36:30 | 000,001,442 | ---- | C] () -- G:\WINDOWS\cnzsdw-m64.ini
[2010/06/29 21:36:22 | 000,000,778 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\PhotoZoom Pro 3.lnk
[2010/06/29 16:49:49 | 000,000,024 | ---- | C] () -- G:\WINDOWS\LogonStudio.ini
[2010/06/29 16:48:19 | 000,187,392 | ---- | C] () -- G:\WINDOWS\System32\JPGUtils.dll
[2010/06/27 21:14:27 | 000,000,893 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Autopano Giga 2.lnk
[2010/06/25 20:49:25 | 000,000,000 | -H-- | C] () -- G:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/24 17:52:40 | 000,034,640 | ---- | C] () -- G:\WINDOWS\System32\OPHA_M00.cah
[2010/06/24 17:52:40 | 000,017,468 | ---- | C] () -- G:\WINDOWS\System32\OPC5150N.cah
[2010/06/21 18:18:15 | 000,048,106 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\My Documents\Melaleuca 2010 06 21.TIF
[2010/06/19 21:58:40 | 000,000,775 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\FFR Deluxe.lnk
[2010/06/19 21:25:45 | 000,194,560 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/19 20:57:37 | 000,001,515 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/06/19 20:57:37 | 000,001,515 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/06/17 21:55:52 | 000,000,000 | ---- | C] () -- G:\WINDOWS\nsreg.dat
[2010/06/14 00:22:45 | 000,012,288 | ---- | C] () -- G:\WINDOWS\System32\e100bmsg.dll
[2010/06/13 23:42:37 | 000,001,793 | ---- | C] () -- G:\WINDOWS\System32\fxsperf.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- G:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- G:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- G:\WINDOWS\System32\gthrctr.ini
[2005/12/21 01:39:34 | 000,012,288 | R--- | C] () -- G:\WINDOWS\System32\hpnvr82.dll
[2002/09/03 10:06:26 | 000,361,600 | ---- | C] () -- G:\WINDOWS\System32\drivers\tcpip.sys
[2002/09/03 09:47:40 | 000,162,816 | ---- | C] () -- G:\WINDOWS\System32\drivers\netbt.sys
[2002/09/03 09:27:01 | 000,138,496 | ---- | C] () -- G:\WINDOWS\System32\drivers\afd.sys

========== LOP Check ==========

[2010/06/14 01:15:32 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/16 22:07:24 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\SlySoft
[2010/06/15 06:28:22 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/26 03:03:54 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\xml_param
[2010/06/15 17:55:02 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/15 22:04:44 | 000,000,000 | -H-D | M] -- G:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2010/06/30 21:08:29 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Aston2
[2010/06/29 22:31:46 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Azureus
[2010/07/17 20:48:53 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\BID
[2010/07/06 14:46:34 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\pdfforge
[2010/07/06 14:46:36 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Search Settings
[2010/06/15 06:29:07 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Stardock
[2010/09/02 21:03:09 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Thinstall
[2010/06/15 22:32:43 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Windows Desktop Search
[2010/06/28 18:25:54 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Windows Search
[2010/09/12 02:05:02 | 000,000,408 | -H-- | M] () -- G:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/09/12 07:37:00 | 000,000,308 | -H-- | M] () -- G:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/14 20:15:56 | 2145,386,496 | -HS- | M] () -- G:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/06/13 15:27:07 | 000,094,208 | ---- | M] () -- G:\WINDOWS\system32\config\default.sav
[2010/06/13 15:27:07 | 000,602,112 | ---- | M] () -- G:\WINDOWS\system32\config\software.sav
[2010/06/13 15:27:07 | 000,434,176 | ---- | M] () -- G:\WINDOWS\system32\config\system.sav

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsU >

< pdate\AU >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Wi >

< ndowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
  • 0


#2
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,891 posts
Hi Johonn,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem. :)

I am still a trainee, so all my posts will be checked by an Expert. It's to your advantage that there are two people looking at your log, but responses may be a little delayed, so please be patient.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult for me to understand.

I am currently reviewing your logs. Please be patient. :)
  • 0

#3
Salagubang
    Trusted Helper
  • Malware Removal
  • 3,891 posts
Hi Johonn,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- G:\WINDOWS\System32\drivers\lgjfcxbv.sys -- (askf)
    O4 - HKCU..\Run: [YXE7DXCQ37] G:\DOCUME~1\DONOVA~1\LOCALS~1\Temp\Wqh.exe File not found
    [2010/09/09 19:17:47 | 000,219,136 | ---- | C] (Don HO [email protected]) -- G:\WINDOWS\Wjyfua.exe
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again
  • Under the Extras Registry section, ensure that Safelist is selected
  • Click the Quick Scan button. Post the OTL and Extras log it produces in your next reply.

Step Two

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step Three

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in
  • 0
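The fix script in post #3 singles out three kinds of OTL record: a driver whose file is missing, a Run-key autostart pointing at a missing executable in a Temp folder, and a freshly created executable sitting directly in %SystemRoot% under a non-Microsoft publisher string. The script below is an added example (not part of OTL, ComboFix or the helper's post) that parses those OTL line formats and applies the same triage heuristics; its sample lines are copied or adapted from the log in this thread, with the obfuscated publisher e-mail dropped.

```python
"""Triage heuristics for OTL-style scan log lines (added example for this thread).

Parses the three OTL record types the fix in post #3 targets and flags:
  * a service/driver registration whose binary is missing on disk,
  * a Run-key autostart pointing into a Temp folder or at a missing file,
  * an .exe created directly in %SystemRoot% (not a subfolder) by a publisher
    that is not Microsoft (publisher strings are free text and prove nothing).
"""
import re
from typing import List, Tuple

# "DRV - File not found [Kernel | Boot | Stopped] -- <path> -- (<service name>)"
SERVICE_MISSING = re.compile(
    r"^(?P<kind>DRV|SRV) - File not found \[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)
# "O4 - HKCU..\Run: [<value name>] <target> [File not found]"
AUTORUN = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<rest>.+)$")
# "[2010/09/09 19:17:47 | 000,219,136 | ---- | C] (<company>) -- <path>"
FILE_RECORD = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<flag>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)          # ...\Temp\... anywhere in the path
SYSROOT_EXE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)
MISSING = " File not found"


def triage_line(line: str) -> List[Tuple[str, str]]:
    """Return (rule, path) findings for one OTL log line; empty list if benign."""
    findings: List[Tuple[str, str]] = []
    line = line.strip()

    m = SERVICE_MISSING.match(line)
    if m:
        # A service or driver registered for a file that no longer exists is a
        # leftover of a removed or hidden component; post #3 removes one such entry.
        findings.append(("orphaned-service", m.group("path")))
        return findings

    m = AUTORUN.match(line)
    if m:
        rest = m.group("rest")
        target = rest[: -len(MISSING)] if rest.endswith(MISSING) else rest
        if target != rest:
            findings.append(("autorun-missing-target", target))
        if TEMP_DIR.search(target):
            # Legitimate software does not autostart from a user's Temp folder.
            findings.append(("autorun-from-temp", target))
        return findings

    m = FILE_RECORD.match(line)
    if m:
        path, company = m.group("path"), m.group("company")
        if SYSROOT_EXE.match(path) and "microsoft" not in company.lower():
            # Installers rarely drop executables straight into %SystemRoot%.
            findings.append(("exe-in-sysroot", path))
        if TEMP_DIR.search(path) and path.lower().endswith(".exe"):
            findings.append(("exe-in-temp", path))
    return findings


def triage(lines) -> List[Tuple[str, str]]:
    """Run triage_line over an iterable of log lines, preserving order."""
    out: List[Tuple[str, str]] = []
    for line in lines:
        out.extend(triage_line(line))
    return out


# Sample input: lines copied/adapted from the OTL log and fix script in this thread.
SAMPLE_LOG = [
    r"DRV - File not found [Kernel | Boot | Stopped] -- G:\WINDOWS\System32\drivers\lgjfcxbv.sys -- (askf)",
    r"O4 - HKCU..\Run: [YXE7DXCQ37] G:\DOCUME~1\DONOVA~1\LOCALS~1\Temp\Wqh.exe File not found",
    r"[2010/09/09 19:17:47 | 000,219,136 | ---- | C] (Don HO) -- G:\WINDOWS\Wjyfua.exe",
    r"O4 - HKLM..\Run: [MSSE] G:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)",
    r"DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- G:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)",
    r"[2010/08/16 22:31:16 | 001,175,136 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT",
]

if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:24s} {path}")
```

Running it lists exactly the three entries the helper put into the fix script (the Temp autorun is flagged twice, once for the missing file and once for its location) and stays silent on the benign MSSE, avast and font-cache lines.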

#4
johonn
    Member
  • Topic Starter
  • Member
  • 120 posts
Thanks so much for replying! Sorry for the delay - we are pretty busy but hopefully should be able to post some more logs for you soon!
  • 0

#5
johonn
    Member
  • Topic Starter
  • Member
  • 120 posts
OK, here we go... I have an OTL log and the TDSSKiller log. We didn't do the ComboFix step, because we didn't have the program already installed and we can't get ComboFix to download and install it since we don't have an internet connection on that machine. So here are the logs I have... I'll try to get that other one for you soon.

Here are the logs:

OTL logfile created on: 9/20/2010 9:16:48 PM - Run 3
OTL by OldTimer - Version 3.2.12.0 Folder = J:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 465.76 Gb Total Space | 161.02 Gb Free Space | 34.57% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 182.84 Gb Free Space | 26.17% Space Free | Partition Type: NTFS
Drive E: | 55.83 Gb Total Space | 8.36 Gb Free Space | 14.98% Space Free | Partition Type: NTFS
Drive F: | 57.26 Gb Total Space | 56.56 Gb Free Space | 98.78% Space Free | Partition Type: NTFS
Drive G: | 152.66 Gb Total Space | 121.50 Gb Free Space | 79.58% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 970.74 Mb Total Space | 912.48 Mb Free Space | 94.00% Space Free | Partition Type: FAT32

Computer Name: DEEPWOOD
Current User Name: Donovan Gerrans
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/14 20:23:10 | 000,576,000 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- G:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- G:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- G:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/14 20:23:10 | 000,576,000 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- G:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- G:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- G:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- G:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/04/13 17:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- G:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2004/02/29 23:00:00 | 000,024,576 | ---- | M] (Oki Data Corporation) [Auto | Stopped] -- G:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE -- (DCSLoader)
SRV - [2002/09/03 10:06:31 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- G:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- G:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- G:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- G:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- G:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- G:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/08/14 03:04:36 | 000,138,496 | ---- | M] () [Kernel | System | Stopped] -- G:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 04:51:12 | 000,361,600 | ---- | M] () [Kernel | System | Stopped] -- G:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 12:21:00 | 000,162,816 | ---- | M] () [Kernel | System | Stopped] -- G:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 11:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/04/24 16:58:00 | 001,271,706 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- G:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 07:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- G:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/17 06:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - G:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.30
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/26 16:39:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2010/09/11 22:15:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2010/09/08 14:55:33 | 000,000,000 | ---D | M]

[2010/06/14 01:39:23 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Extensions
[2010/09/09 22:21:00 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions
[2010/06/23 18:50:32 | 000,000,000 | ---D | M] (Vista-aero) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/08/31 20:02:47 | 000,000,000 | ---D | M] (FlashGot) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/30 18:26:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/27 18:29:45 | 000,000,000 | ---D | M] (DownloadHelper) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/07 19:57:27 | 000,000,000 | ---D | M] (DownThemAll!) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/24 16:41:55 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\[email protected]
[2010/06/23 18:50:31 | 000,000,000 | ---D | M] (No name found) -- G:\Documents and Settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/09/09 13:54:29 | 000,000,000 | ---D | M] -- G:\Program Files\Mozilla Firefox\extensions
[2010/05/24 18:49:08 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2004/09/27 07:52:48 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/31 07:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- G:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2010/04/08 09:36:02 | 000,107,760 | ---- | M] () -- G:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2010/09/20 21:09:12 | 000,000,098 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - G:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - G:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - G:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [avast5] G:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogonStudio] G:\Program Files\WinCustomize\LogonStudio\logonstudio.exe (Stardock and Luca Saggese)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] G:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] G:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] G:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] G:\Program Files\RealMedia\Update_OB\realsched.exe File not found
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\OKI LPR Utility.lnk = G:\Program Files\OKIDATA\OKI LPR Utility\Okilpr.exe ()
O4 - Startup: G:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = G:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: G:\Documents and Settings\Donovan Gerrans\Start Menu\Programs\Startup\ImpulseNow.lnk = G:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - G:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - G:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - G:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - G:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - G:\Program Files\Bulk Image Downloader\iemenu\iebid.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1276501468140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: DirectAnimation Java Classes file://G:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://G:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - G:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - G:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - G:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - G:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/13 22:56:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/29 14:54:51 | 000,000,000 | ---D | M] - D:\Autodesk Architectural Desktop 2004 -- [ NTFS ]
O32 - AutoRun File - [2006/10/29 11:41:34 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/14 21:01:55 | 000,165,584 | ---- | C] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/14 21:01:55 | 000,017,744 | ---- | C] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/14 21:01:53 | 000,023,376 | ---- | C] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/14 21:01:51 | 000,046,672 | ---- | C] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/14 21:01:48 | 000,100,176 | ---- | C] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/14 21:01:48 | 000,094,544 | ---- | C] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/14 21:01:48 | 000,028,880 | ---- | C] (AVAST Software) -- G:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/14 21:01:07 | 000,038,848 | ---- | C] (AVAST Software) -- G:\WINDOWS\avastSS.scr
[2010/09/14 21:01:06 | 000,167,592 | ---- | C] (AVAST Software) -- G:\WINDOWS\System32\aswBoot.exe
[2010/09/14 20:35:00 | 000,000,000 | -HSD | C] -- G:\Documents and Settings\Donovan Gerrans\IECompatCache
[2010/09/12 08:40:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/12 08:40:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbam.sys
[2010/09/11 22:35:32 | 000,000,000 | ---D | C] -- G:\WINDOWS\ERDNT
[2010/09/11 22:34:56 | 000,000,000 | ---D | C] -- G:\Program Files\ERUNT
[2010/09/10 22:12:04 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\PCHealth
[2010/09/02 22:55:37 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\ArcSoft
[2010/09/02 21:03:09 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Thinstall
[2010/08/16 22:07:24 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\SlySoft
[2010/08/16 22:05:33 | 000,000,000 | ---D | C] -- G:\Program Files\SlySoft
[2010/07/30 19:53:14 | 000,000,000 | ---D | C] -- G:\Program Files\DCoder Image Source
[2010/07/30 19:53:01 | 000,000,000 | ---D | C] -- G:\Program Files\FFMPEG Core Files
[2010/07/30 19:52:51 | 000,000,000 | ---D | C] -- G:\Program Files\SHOUTcast Source
[2010/07/30 19:52:50 | 000,000,000 | ---D | C] -- G:\Program Files\MONOGRAM AMR SplitterDecoder
[2010/07/30 19:52:48 | 000,000,000 | ---D | C] -- G:\Program Files\CD Audio Reader Filter
[2010/07/30 19:52:47 | 000,000,000 | ---D | C] -- G:\Program Files\OpenSource AVI Splitter
[2010/07/30 19:52:45 | 000,000,000 | ---D | C] -- G:\Program Files\Gabest MPEG Splitter
[2010/07/30 19:52:43 | 000,000,000 | ---D | C] -- G:\Program Files\OpenSource DTSAC3DD+ Source Filter
[2010/07/30 19:52:35 | 000,000,000 | ---D | C] -- G:\Program Files\RealMedia
[2010/07/30 19:52:14 | 000,000,000 | ---D | C] -- G:\Program Files\DScaler5
[2010/07/30 19:52:07 | 000,000,000 | ---D | C] -- G:\Program Files\AC3Filter
[2010/07/30 19:51:55 | 000,000,000 | ---D | C] -- G:\Program Files\OpenSource Flash Video Splitter
[2010/07/30 19:51:51 | 000,000,000 | ---D | C] -- G:\Program Files\DirectVobSub
[2010/07/30 19:51:46 | 000,000,000 | ---D | C] -- G:\Program Files\Haali
[2010/07/30 19:51:32 | 000,000,000 | ---D | C] -- G:\Program Files\Bass Audio Decoder
[2010/07/30 19:51:03 | 000,000,000 | ---D | C] -- G:\Program Files\ffdshow
[2010/07/30 18:21:27 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\HpUpdate
[2010/07/30 18:21:25 | 000,000,000 | ---D | C] -- G:\WINDOWS\Hewlett-Packard
[2010/07/30 13:17:58 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Google
[2010/07/26 16:39:11 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\xing shared
[2010/07/26 16:38:45 | 000,000,000 | ---D | C] -- G:\Program Files\Real
[2010/07/26 16:38:44 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Real
[2010/07/26 16:38:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Real
[2010/07/26 16:38:42 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Real
[2010/07/26 16:35:03 | 000,000,000 | ---D | C] -- G:\Program Files\iPod
[2010/07/16 18:06:35 | 000,000,000 | ---D | C] -- G:\WINDOWS\Sun
[2010/07/16 18:06:28 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Sun
[2010/07/16 18:02:48 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Sun
[2010/07/12 20:41:09 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Documents\microsoft
[2010/07/12 20:40:00 | 000,000,000 | ---D | C] -- G:\Program Files\MSECache
[2010/07/09 15:55:53 | 000,000,000 | ---D | C] -- G:\WINDOWS\Minidump
[2010/07/09 03:00:24 | 000,000,000 | ---D | C] -- G:\Program Files\MSXML 4.0
[2010/07/07 21:48:32 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\HP
[2010/07/07 21:37:27 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\HP
[2010/07/07 21:36:06 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/07/07 21:36:05 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\HP
[2010/07/07 21:35:06 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Hewlett-Packard
[2010/07/07 21:35:05 | 000,000,000 | ---D | C] -- G:\Program Files\Hewlett-Packard
[2010/07/07 21:34:25 | 000,000,000 | ---D | C] -- G:\Program Files\HP
[2010/07/06 14:46:36 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Search Settings
[2010/07/06 14:46:34 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\pdfforge
[2010/07/06 14:20:39 | 000,000,000 | ---D | C] -- G:\Program Files\Application Updater
[2010/07/06 14:20:38 | 000,000,000 | ---D | C] -- G:\Program Files\pdfforge Toolbar
[2010/07/06 14:20:05 | 000,000,000 | ---D | C] -- G:\Program Files\PDFCreator
[2010/07/01 21:52:08 | 000,000,000 | ---D | C] -- G:\spoolerlogs
[2010/06/29 22:21:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\Aston2
[2010/06/29 22:21:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Aston2
[2010/06/29 21:58:57 | 000,012,288 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\okComDLL.dll
[2010/06/29 21:58:56 | 000,245,760 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OkDrtPrn.exe
[2010/06/29 21:58:56 | 000,126,976 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OkDrtPrn.dll
[2010/06/29 21:58:56 | 000,012,288 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\fxComDLL.dll
[2010/06/29 21:58:56 | 000,012,288 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\efComDLL.dll
[2010/06/29 21:58:30 | 000,102,400 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\opnetext.dll
[2010/06/29 21:58:05 | 000,086,016 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\oklpinst.dll
[2010/06/29 21:58:05 | 000,040,960 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\oklprrsc.dll
[2010/06/29 21:58:05 | 000,023,552 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\oklprmon.dll
[2010/06/29 21:48:16 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\OkiData
[2010/06/29 21:43:11 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\InstallShield
[2010/06/29 21:36:18 | 000,000,000 | ---D | C] -- G:\Program Files\PhotoZoom Pro 3
[2010/06/29 16:48:18 | 000,000,000 | ---D | C] -- G:\Program Files\WinCustomize
[2010/06/29 16:48:18 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Stardock
[2010/06/28 19:10:40 | 000,000,000 | ---D | C] -- G:\Program Files\PowerZip
[2010/06/28 18:25:54 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Windows Search
[2010/06/27 21:30:12 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\Kolor
[2010/06/27 21:14:24 | 000,000,000 | ---D | C] -- G:\Program Files\Kolor
[2010/06/27 21:09:58 | 000,000,000 | ---D | C] -- G:\Program Files\MosaicCreator
[2010/06/27 06:56:20 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Application Data\BID
[2010/06/27 05:45:05 | 000,000,000 | R--D | C] -- G:\Documents and Settings\Donovan Gerrans\My Documents\My Videos
[2010/06/27 05:45:05 | 000,000,000 | R--D | C] -- G:\Documents and Settings\All Users\Documents\My Videos
[2010/06/25 20:53:26 | 000,000,000 | ---D | C] -- G:\Program Files\Windows Media Connect 2
[2010/06/25 20:50:47 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\xml_param
[2010/06/25 20:49:23 | 000,000,000 | ---D | C] -- G:\WINDOWS\System32\drivers\UMDF
[2010/06/25 20:49:23 | 000,000,000 | ---D | C] -- G:\WINDOWS\System32\LogFiles
[2010/06/25 20:43:49 | 000,000,000 | ---D | C] -- G:\WINDOWS\XSxS
[2010/06/25 20:43:49 | 000,000,000 | ---D | C] -- G:\Program Files\Xenocode
[2010/06/25 20:43:49 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\Xenocode
[2010/06/24 20:16:03 | 000,000,000 | ---D | C] -- G:\Program Files\Intel
[2010/06/24 17:31:50 | 000,090,112 | R--- | C] (Okidata Corporation) -- G:\WINDOWS\System32\OPDMN014.DLL
[2010/06/24 17:31:50 | 000,069,632 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPUSB010.DLL
[2010/06/24 17:31:50 | 000,065,536 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPM01LOC.DLL
[2010/06/24 17:31:50 | 000,057,344 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPSLD010.DLL
[2010/06/24 17:31:50 | 000,049,152 | R--- | C] (Okidata Corporation) -- G:\WINDOWS\System32\OPS01LOC.DLL
[2010/06/24 17:31:50 | 000,045,132 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPCLB012.DLL
[2010/06/24 17:31:50 | 000,040,960 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPDVA012.DLL
[2010/06/23 22:21:21 | 000,065,536 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPEXTUAC.DLL
[2010/06/23 22:21:21 | 000,053,248 | R--- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OPUSBEXT.DLL
[2010/06/23 22:21:21 | 000,040,960 | ---- | C] (Oki Data Corporation) -- G:\WINDOWS\System32\OKLMON32.DLL

========== Files - Modified Within 90 Days ==========

[2010/09/20 21:12:04 | 000,000,024 | ---- | M] () -- G:\WINDOWS\LogonStudio.ini
[2010/09/20 21:10:21 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2010/09/20 21:09:22 | 007,077,888 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\ntuser.dat
[2010/09/20 21:09:22 | 000,000,178 | -HS- | M] () -- G:\Documents and Settings\Donovan Gerrans\ntuser.ini
[2010/09/20 21:09:12 | 000,000,098 | ---- | M] () -- G:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/14 21:01:56 | 000,001,710 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/14 21:01:49 | 000,002,626 | ---- | M] () -- G:\WINDOWS\System32\CONFIG.NT
[2010/09/14 19:25:09 | 000,002,206 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2010/09/12 08:40:03 | 000,000,724 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/12 08:40:03 | 000,000,706 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/12 07:51:07 | 000,000,006 | -H-- | M] () -- G:\WINDOWS\tasks\SA.DAT
[2010/09/12 07:37:00 | 000,000,308 | -H-- | M] () -- G:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/12 07:26:05 | 000,000,904 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/12 02:05:02 | 000,000,408 | -H-- | M] () -- G:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/11 22:34:58 | 000,000,621 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\NTREGOPT.lnk
[2010/09/11 22:34:58 | 000,000,602 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\ERUNT.lnk
[2010/09/11 22:32:41 | 000,000,298 | ---- | M] () -- G:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-507921405-362288127-682003330-1004.job
[2010/09/11 22:32:19 | 000,000,900 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/10 19:06:20 | 000,002,461 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2007.lnk
[2010/09/10 19:05:11 | 000,002,539 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2010/09/10 03:19:34 | 000,194,560 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/09 22:22:50 | 000,000,306 | ---- | M] () -- G:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-362288127-682003330-1004.job
[2010/09/09 16:01:36 | 000,002,541 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- G:\WINDOWS\avastSS.scr
[2010/09/07 08:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- G:\WINDOWS\System32\aswBoot.exe
[2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 07:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 07:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- G:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 07:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- G:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/03 04:20:50 | 000,000,664 | ---- | M] () -- G:\WINDOWS\System32\d3d9caps.dat
[2010/09/02 22:56:05 | 000,000,863 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to PMK.exe.lnk
[2010/08/31 20:28:45 | 000,088,596 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\My Documents\Photo of Gerrans, the Villa...tif
[2010/08/22 08:54:32 | 004,316,946 | -H-- | M] () -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\IconCache.db
[2010/08/21 20:39:30 | 000,001,739 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/16 22:31:16 | 001,175,136 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/16 22:29:02 | 000,001,374 | ---- | M] () -- G:\WINDOWS\imsins.BAK
[2010/08/16 22:26:24 | 000,523,720 | ---- | M] () -- G:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/16 22:26:24 | 000,457,646 | ---- | M] () -- G:\WINDOWS\System32\perfh009.dat
[2010/08/16 22:26:24 | 000,075,882 | ---- | M] () -- G:\WINDOWS\System32\perfc009.dat
[2010/07/30 18:57:19 | 000,000,050 | ---- | M] () -- G:\WINDOWS\cdplayer.ini
[2010/07/30 17:15:57 | 000,000,054 | ---- | M] () -- G:\WINDOWS\JascCmdFile.INI
[2010/07/26 16:35:35 | 000,001,804 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/26 16:35:35 | 000,001,804 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/26 11:42:02 | 000,000,284 | ---- | M] () -- G:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/14 03:02:17 | 000,002,555 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Access 2007.lnk
[2010/07/07 21:43:01 | 000,127,757 | ---- | M] () -- G:\WINDOWS\hpgins23.dat.temp
[2010/07/07 21:43:01 | 000,127,757 | ---- | M] () -- G:\WINDOWS\hpgins23.dat
[2010/07/07 21:37:27 | 000,001,897 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk
[2010/07/07 21:36:22 | 000,000,994 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Solution Center.lnk
[2010/07/07 21:36:22 | 000,000,994 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/07/06 14:20:14 | 000,000,734 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFCreator.lnk
[2010/07/04 19:23:29 | 000,002,491 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2010/07/02 17:55:05 | 000,427,920 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/01 21:47:05 | 000,000,106 | ---- | M] () -- G:\WINDOWS\OPHA.ini
[2010/07/01 21:45:16 | 000,017,468 | ---- | M] () -- G:\WINDOWS\System32\OPC5150N.cah
[2010/07/01 21:28:14 | 000,000,216 | ---- | M] () -- G:\WINDOWS\OPPB.INI
[2010/06/29 22:21:39 | 000,000,676 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\Aston2.lnk
[2010/06/29 21:58:06 | 000,001,651 | ---- | M] () -- G:\Documents and Settings\All Users\Start Menu\Programs\Startup\OKI LPR Utility.lnk
[2010/06/29 21:57:05 | 000,017,780 | ---- | M] () -- G:\WINDOWS\System32\OP8800.cah
[2010/06/29 21:57:05 | 000,013,332 | ---- | M] () -- G:\WINDOWS\System32\OPPB_M00.cah
[2010/06/29 21:36:30 | 000,001,442 | ---- | M] () -- G:\WINDOWS\cnzsdw-m64.ini
[2010/06/29 21:36:22 | 000,000,778 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\PhotoZoom Pro 3.lnk
[2010/06/27 21:25:34 | 000,000,893 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Autopano Giga 2.lnk
[2010/06/26 18:44:24 | 000,000,810 | ---- | M] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/06/26 03:16:44 | 000,023,392 | ---- | M] () -- G:\WINDOWS\System32\nscompat.tlb
[2010/06/26 03:16:44 | 000,016,832 | ---- | M] () -- G:\WINDOWS\System32\amcompat.tlb
[2010/06/25 20:54:47 | 000,000,592 | ---- | M] () -- G:\WINDOWS\win.ini
[2010/06/25 20:50:23 | 000,316,640 | ---- | M] () -- G:\WINDOWS\WMSysPr9.prx
[2010/06/25 20:49:25 | 000,000,000 | -H-- | M] () -- G:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/24 17:52:40 | 000,034,640 | ---- | M] () -- G:\WINDOWS\System32\OPHA_M00.cah

========== Files Created - No Company Name ==========

[2010/09/14 21:01:56 | 000,001,710 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/09/12 08:45:19 | 000,127,757 | ---- | C] () -- G:\WINDOWS\hpgins23.dat.temp
[2010/09/12 08:45:19 | 000,000,280 | ---- | C] () -- G:\WINDOWS\hpgmdl23.dat.temp
[2010/09/12 08:40:03 | 000,000,724 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/09/12 08:40:03 | 000,000,706 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/11 22:34:58 | 000,000,621 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\NTREGOPT.lnk
[2010/09/11 22:34:58 | 000,000,602 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\ERUNT.lnk
[2010/09/09 19:17:38 | 000,000,308 | -H-- | C] () -- G:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/07 19:08:33 | 000,001,804 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/09/02 22:56:05 | 000,000,863 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to PMK.exe.lnk
[2010/08/31 20:28:43 | 000,088,596 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\My Documents\Photo of Gerrans, the Villa...tif
[2010/08/21 20:39:30 | 000,001,739 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/30 19:52:08 | 000,497,664 | ---- | C] () -- G:\WINDOWS\System32\ac3filter.acm
[2010/07/30 19:51:06 | 000,000,547 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/07/30 19:51:05 | 000,085,504 | ---- | C] () -- G:\WINDOWS\System32\ff_vfw.dll
[2010/07/30 18:57:18 | 000,000,050 | ---- | C] () -- G:\WINDOWS\cdplayer.ini
[2010/07/26 16:39:40 | 000,000,298 | ---- | C] () -- G:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-507921405-362288127-682003330-1004.job
[2010/07/26 16:39:38 | 000,000,306 | ---- | C] () -- G:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-362288127-682003330-1004.job
[2010/07/26 16:35:35 | 000,001,804 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/19 22:07:19 | 000,000,664 | ---- | C] () -- G:\WINDOWS\System32\d3d9caps.dat
[2010/07/07 21:48:23 | 000,000,994 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\HP Solution Center.lnk
[2010/07/07 21:37:27 | 000,001,897 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\HP Photosmart Essential.lnk
[2010/07/07 21:36:22 | 000,000,994 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/07/07 21:32:01 | 000,004,480 | ---- | C] () -- G:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/07/07 21:31:59 | 000,127,757 | ---- | C] () -- G:\WINDOWS\hpgins23.dat
[2010/07/07 21:31:59 | 000,000,280 | ---- | C] () -- G:\WINDOWS\hpgmdl23.dat
[2010/07/06 19:57:08 | 000,000,054 | ---- | C] () -- G:\WINDOWS\JascCmdFile.INI
[2010/07/06 14:20:13 | 000,000,734 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFCreator.lnk
[2010/07/06 14:20:08 | 000,116,224 | ---- | C] () -- G:\WINDOWS\System32\pdfcmnnt.dll
[2010/07/01 21:47:05 | 000,000,106 | ---- | C] () -- G:\WINDOWS\OPHA.ini
[2010/06/29 22:21:39 | 000,000,676 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\Aston2.lnk
[2010/06/29 21:58:56 | 000,032,768 | R--- | C] () -- G:\WINDOWS\System32\OkDPnRes.dll
[2010/06/29 21:58:56 | 000,025,468 | R--- | C] () -- G:\WINDOWS\System32\OKDRTPRN.HLP
[2010/06/29 21:58:56 | 000,000,121 | R--- | C] () -- G:\WINDOWS\System32\OkDrtPrn.cnt
[2010/06/29 21:58:30 | 000,010,245 | ---- | C] () -- G:\WINDOWS\System32\OPNETEXT.HLP
[2010/06/29 21:58:30 | 000,003,036 | ---- | C] () -- G:\WINDOWS\System32\opnedef.str
[2010/06/29 21:58:30 | 000,000,131 | ---- | C] () -- G:\WINDOWS\System32\opnetext.cnt
[2010/06/29 21:58:30 | 000,000,000 | ---- | C] () -- G:\WINDOWS\System32\opnetext.gid
[2010/06/29 21:58:06 | 000,001,651 | ---- | C] () -- G:\Documents and Settings\All Users\Start Menu\Programs\Startup\OKI LPR Utility.lnk
[2010/06/29 21:57:05 | 000,017,780 | ---- | C] () -- G:\WINDOWS\System32\OP8800.cah
[2010/06/29 21:57:05 | 000,013,332 | ---- | C] () -- G:\WINDOWS\System32\OPPB_M00.cah
[2010/06/29 21:57:05 | 000,000,216 | ---- | C] () -- G:\WINDOWS\OPPB.INI
[2010/06/29 21:44:11 | 007,077,888 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\ntuser.dat
[2010/06/29 21:36:30 | 000,001,442 | ---- | C] () -- G:\WINDOWS\cnzsdw-m64.ini
[2010/06/29 21:36:22 | 000,000,778 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Desktop\PhotoZoom Pro 3.lnk
[2010/06/29 16:49:49 | 000,000,024 | ---- | C] () -- G:\WINDOWS\LogonStudio.ini
[2010/06/29 16:48:19 | 000,187,392 | ---- | C] () -- G:\WINDOWS\System32\JPGUtils.dll
[2010/06/27 21:14:27 | 000,000,893 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Application Data\Microsoft\Internet Explorer\Quick Launch\Autopano Giga 2.lnk
[2010/06/25 20:49:25 | 000,000,000 | -H-- | C] () -- G:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/24 17:52:40 | 000,034,640 | ---- | C] () -- G:\WINDOWS\System32\OPHA_M00.cah
[2010/06/24 17:52:40 | 000,017,468 | ---- | C] () -- G:\WINDOWS\System32\OPC5150N.cah
[2010/06/19 21:25:45 | 000,194,560 | ---- | C] () -- G:\Documents and Settings\Donovan Gerrans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/14 00:22:45 | 000,012,288 | ---- | C] () -- G:\WINDOWS\System32\e100bmsg.dll
[2010/06/13 23:42:37 | 000,001,793 | ---- | C] () -- G:\WINDOWS\System32\fxsperf.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- G:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- G:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- G:\WINDOWS\System32\gthrctr.ini
[2005/12/21 01:39:34 | 000,012,288 | R--- | C] () -- G:\WINDOWS\System32\hpnvr82.dll
[2002/09/03 10:06:26 | 000,361,600 | ---- | C] () -- G:\WINDOWS\System32\drivers\tcpip.sys
[2002/09/03 09:47:40 | 000,162,816 | ---- | C] () -- G:\WINDOWS\System32\drivers\netbt.sys
[2002/09/03 09:27:01 | 000,138,496 | ---- | C] () -- G:\WINDOWS\System32\drivers\afd.sys

========== LOP Check ==========

[2010/06/14 01:15:32 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/16 22:07:24 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\SlySoft
[2010/06/15 06:28:22 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/26 03:03:54 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\xml_param
[2010/06/15 17:55:02 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/15 22:04:44 | 000,000,000 | -H-D | M] -- G:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2010/06/30 21:08:29 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Aston2
[2010/06/29 22:31:46 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Azureus
[2010/07/17 20:48:53 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\BID
[2010/07/06 14:46:34 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\pdfforge
[2010/07/06 14:46:36 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Search Settings
[2010/06/15 06:29:07 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Stardock
[2010/09/02 21:03:09 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Thinstall
[2010/06/15 22:32:43 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Windows Desktop Search
[2010/06/28 18:25:54 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Donovan Gerrans\Application Data\Windows Search
[2010/09/12 02:05:02 | 000,000,408 | -H-- | M] () -- G:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/09/12 07:37:00 | 000,000,308 | -H-- | M] () -- G:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

========== Purity Check ==========


< End of report >



2010/09/20 21:22:40.0406 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/20 21:22:40.0406 ================================================================================
2010/09/20 21:22:40.0406 SystemInfo:
2010/09/20 21:22:40.0406
2010/09/20 21:22:40.0406 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/20 21:22:40.0406 Product type: Workstation
2010/09/20 21:22:40.0406 ComputerName: DEEPWOOD
2010/09/20 21:22:40.0406 UserName: Donovan Gerrans
2010/09/20 21:22:40.0406 Windows directory: G:\WINDOWS
2010/09/20 21:22:40.0406 System windows directory: G:\WINDOWS
2010/09/20 21:22:40.0406 Processor architecture: Intel x86
2010/09/20 21:22:40.0406 Number of processors: 1
2010/09/20 21:22:40.0406 Page size: 0x1000
2010/09/20 21:22:40.0406 Boot type: Normal boot
2010/09/20 21:22:40.0406 ================================================================================
2010/09/20 21:22:41.0000 Initialize success
2010/09/20 21:22:49.0687 ================================================================================
2010/09/20 21:22:49.0687 Scan started
2010/09/20 21:22:49.0687 Mode: Manual;
2010/09/20 21:22:49.0687 ================================================================================
2010/09/20 21:22:50.0218 Aavmker4 (8d488938e2f7048906f1fbd3af394887) G:\WINDOWS\system32\drivers\Aavmker4.sys
2010/09/20 21:22:50.0390 ACPI (8fd99680a539792a30e97944fdaecf17) G:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/20 21:22:50.0453 ACPIEC (9859c0f6936e723e4892d7141b1327d5) G:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/20 21:22:50.0609 aeaudio (11c04b17ed2abbb4833694bcd644ac90) G:\WINDOWS\system32\drivers\aeaudio.sys
2010/09/20 21:22:50.0703 aec (8bed39e3c35d6a489438b8141717a557) G:\WINDOWS\system32\drivers\aec.sys
2010/09/20 21:22:50.0781 AFD (65408d8f728f5abd9e154d08cf4fbaf0) G:\WINDOWS\System32\drivers\afd.sys
2010/09/20 21:22:50.0796 Suspicious file (Forged): G:\WINDOWS\System32\drivers\afd.sys. Real md5: 65408d8f728f5abd9e154d08cf4fbaf0, Fake md5: 409e5e11cecf38f14a2ef4a4e98f20d5
2010/09/20 21:22:50.0796 AFD - detected Forged file (1)
2010/09/20 21:22:50.0859 agp440 (08fd04aa961bdc77fb983f328334e3d7) G:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/20 21:22:51.0296 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) G:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/09/20 21:22:51.0375 aswMon2 (7d880c76a285a41284d862e2d798ec0d) G:\WINDOWS\system32\drivers\aswMon2.sys
2010/09/20 21:22:51.0437 aswRdr (69823954bbd461a73d69774928c9737e) G:\WINDOWS\system32\drivers\aswRdr.sys
2010/09/20 21:22:51.0515 aswSP (7ecc2776638b04553f9a85bd684c3abf) G:\WINDOWS\system32\drivers\aswSP.sys
2010/09/20 21:22:51.0593 aswTdi (095ed820a926aa8189180b305e1bcfc9) G:\WINDOWS\system32\drivers\aswTdi.sys
2010/09/20 21:22:51.0671 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) G:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/20 21:22:51.0765 atapi (9f3a2f5aa6875c72bf062c712cfa2674) G:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/20 21:22:51.0859 Atmarpc (9916c1225104ba14794209cfa8012159) G:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/20 21:22:51.0953 audstub (d9f724aa26c010a217c97606b160ed68) G:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/20 21:22:52.0078 BCMModem (41347688046d49cde0f6d138a534f73d) G:\WINDOWS\system32\DRIVERS\BCMSM.sys
2010/09/20 21:22:52.0187 Beep (da1f27d85e0d1525f6621372e7b685e9) G:\WINDOWS\system32\drivers\Beep.sys
2010/09/20 21:22:52.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) G:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/20 21:22:52.0343 CCDECODE (0be5aef125be881c4f854c554f2b025c) G:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/20 21:22:52.0484 Cdaudio (c1b486a7658353d33a10cc15211a873b) G:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/20 21:22:52.0546 Cdfs (c885b02847f5d2fd45a24e219ed93b32) G:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/20 21:22:52.0593 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) G:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/20 21:22:52.0750 Compbatt (6e4c9f21f0fae8940661144f41b13203) G:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/20 21:22:52.0968 Disk (044452051f3e02e7963599fc8f4f3e25) G:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/20 21:22:53.0031 dmboot (d992fe1274bde0f84ad826acae022a41) G:\WINDOWS\system32\drivers\dmboot.sys
2010/09/20 21:22:53.0125 dmio (7c824cf7bbde77d95c08005717a95f6f) G:\WINDOWS\system32\drivers\dmio.sys
2010/09/20 21:22:53.0218 dmload (e9317282a63ca4d188c0df5e09c6ac5f) G:\WINDOWS\system32\drivers\dmload.sys
2010/09/20 21:22:53.0312 DMusic (8a208dfcf89792a484e76c40e5f50b45) G:\WINDOWS\system32\drivers\DMusic.sys
2010/09/20 21:22:53.0421 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) G:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/20 21:22:53.0500 E100B (98b46b331404a951cabad8b4877e1276) G:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/09/20 21:22:53.0625 Fastfat (38d332a6d56af32635675f132548343e) G:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/20 21:22:53.0703 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) G:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/20 21:22:53.0750 Fips (d45926117eb9fa946a6af572fbe1caa3) G:\WINDOWS\system32\drivers\Fips.sys
2010/09/20 21:22:53.0796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) G:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/20 21:22:53.0843 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) G:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/20 21:22:53.0906 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) G:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/20 21:22:54.0000 Ftdisk (6ac26732762483366c3969c9e4d2259d) G:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/20 21:22:54.0078 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) G:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/20 21:22:54.0125 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) G:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/20 21:22:54.0203 HidBatt (748031ff4fe45ccc47546294905feab8) G:\WINDOWS\system32\DRIVERS\HidBatt.sys
2010/09/20 21:22:54.0250 hidusb (ccf82c5ec8a7326c3066de870c06daf1) G:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/20 21:22:54.0390 HTTP (f80a415ef82cd06ffaf0d971528ead38) G:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/20 21:22:54.0562 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) G:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/20 21:22:54.0625 Imapi (083a052659f5310dd8b6a6cb05edcf8e) G:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/20 21:22:54.0765 intelppm (8c953733d8f36eb2133f5bb58808b66b) G:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/20 21:22:54.0828 ip6fw (3bb22519a194418d5fec05d800a19ad0) G:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/20 21:22:54.0906 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) G:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/20 21:22:54.0984 IpInIp (b87ab476dcf76e72010632b5550955f5) G:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/20 21:22:55.0046 IpNat (cc748ea12c6effde940ee98098bf96bb) G:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/20 21:22:55.0109 IPSec (23c74d75e36e7158768dd63d92789a91) G:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/20 21:22:55.0171 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) G:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/20 21:22:55.0250 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) G:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/20 21:22:55.0312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) G:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/20 21:22:55.0359 kbdhid (9ef487a186dea361aa06913a75b3fa99) G:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/20 21:22:55.0437 kmixer (692bcf44383d056aed41b045a323d378) G:\WINDOWS\system32\drivers\kmixer.sys
2010/09/20 21:22:55.0531 KSecDD (b467646c54cc746128904e1654c750c1) G:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/20 21:22:55.0687 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) G:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/20 21:22:55.0765 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) G:\WINDOWS\system32\drivers\Modem.sys
2010/09/20 21:22:55.0828 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) G:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/09/20 21:22:55.0875 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) G:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/20 21:22:55.0953 mouhid (b1c303e17fb9d46e87a98e4ba6769685) G:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/20 21:22:56.0000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) G:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/20 21:22:56.0046 MpFilter (c98301ad8173a2235a9ab828955c32bb) G:\WINDOWS\system32\DRIVERS\MpFilter.sys
2010/09/20 21:22:56.0156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) G:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/20 21:22:56.0250 MRxSmb (f3aefb11abc521122b67095044169e98) G:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/20 21:22:56.0328 Msfs (c941ea2454ba8350021d774daf0f1027) G:\WINDOWS\system32\drivers\Msfs.sys
2010/09/20 21:22:56.0390 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) G:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/20 21:22:56.0484 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) G:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/20 21:22:56.0546 MSPQM (bad59648ba099da4a17680b39730cb3d) G:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/20 21:22:56.0609 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) G:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/20 21:22:56.0656 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) G:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/20 21:22:56.0703 Mup (2f625d11385b1a94360bfc70aaefdee1) G:\WINDOWS\system32\drivers\Mup.sys
2010/09/20 21:22:56.0781 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) G:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/20 21:22:56.0843 NDIS (1df7f42665c94b825322fae71721130d) G:\WINDOWS\system32\drivers\NDIS.sys
2010/09/20 21:22:56.0906 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) G:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/20 21:22:56.0953 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) G:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/20 21:22:57.0000 Ndisuio (f927a4434c5028758a842943ef1a3849) G:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/20 21:22:57.0046 NdisWan (edc1531a49c80614b2cfda43ca8659ab) G:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/20 21:22:57.0109 NDProxy (6215023940cfd3702b46abc304e1d45a) G:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/20 21:22:57.0156 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) G:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/20 21:22:57.0218 NetBT (91a8143bf85ffaa29206e44c978e4d55) G:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/20 21:22:57.0218 Suspicious file (Forged): G:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 91a8143bf85ffaa29206e44c978e4d55, Fake md5: 9005df6cff0965f4a386b23c108eab42
2010/09/20 21:22:57.0218 NetBT - detected Forged file (1)
2010/09/20 21:22:57.0312 Npfs (3182d64ae053d6fb034f44b6def8034a) G:\WINDOWS\system32\drivers\Npfs.sys
2010/09/20 21:22:57.0375 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) G:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/20 21:22:57.0484 NuidFltr (cf7e041663119e09d2e118521ada9300) G:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2010/09/20 21:22:57.0593 Null (73c1e1f395918bc2c6dd67af7591a3ad) G:\WINDOWS\system32\drivers\Null.sys
2010/09/20 21:22:57.0703 nv (b93ee8e8ad859dd1890cd5177c49017d) G:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/20 21:22:57.0781 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) G:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/20 21:22:57.0859 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) G:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/20 21:22:57.0921 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) G:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2010/09/20 21:22:58.0015 Parport (5575faf8f97ce5e713d108c2a58d7c7c) G:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/20 21:22:58.0062 PartMgr (beb3ba25197665d82ec7065b724171c6) G:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/20 21:22:58.0140 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) G:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/20 21:22:58.0187 PCI (a219903ccf74233761d92bef471a07b1) G:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/20 21:22:58.0296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) G:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/20 21:22:58.0359 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) G:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/20 21:22:58.0703 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) G:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/20 21:22:58.0765 Processor (a32bebaf723557681bfc6bd93e98bd26) G:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/20 21:22:58.0812 PSched (09298ec810b07e5d582cb3a3f9255424) G:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/20 21:22:58.0875 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) G:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/20 21:22:58.0968 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) G:\WINDOWS\system32\DRIVERS\OVCD.sys
2010/09/20 21:22:59.0203 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) G:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/20 21:22:59.0250 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) G:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/20 21:22:59.0312 RasPppoe (5bc962f2654137c9909c3d4603587dee) G:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/20 21:22:59.0343 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) G:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/20 21:22:59.0406 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) G:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/20 21:22:59.0453 RDPCDD (4912d5b403614ce99c28420f75353332) G:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/20 21:22:59.0531 RDPWD (6728e45b66f93c08f11de2e316fc70dd) G:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/20 21:22:59.0609 redbook (f828dd7e1419b6653894a8f97a0094c5) G:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/20 21:22:59.0718 Secdrv (90a3935d05b494a5a39d37e71f09a677) G:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/20 21:22:59.0781 serenum (0f29512ccd6bead730039fb4bd2c85ce) G:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/20 21:22:59.0828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) G:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/20 21:22:59.0906 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) G:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/20 21:23:00.0015 SLIP (866d538ebe33709a5c9f5c62b73b7d14) G:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/20 21:23:00.0125 smwdm (31fd0707c7dbe715234f2823b27214fe) G:\WINDOWS\system32\drivers\smwdm.sys
2010/09/20 21:23:00.0265 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) G:\WINDOWS\system32\drivers\splitter.sys
2010/09/20 21:23:00.0328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) G:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/20 21:23:00.0421 Srv (da852e3e0bf1cea75d756f9866241e57) G:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/20 21:23:00.0546 streamip (77813007ba6265c4b6098187e6ed79d2) G:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/20 21:23:00.0656 swenum (3941d127aef12e93addf6fe6ee027e0f) G:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/20 21:23:00.0671 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) G:\WINDOWS\system32\drivers\swmidi.sys
2010/09/20 21:23:00.0843 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) G:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/20 21:23:00.0937 Tcpip (cc30ddbbe74dea76c8ad855da1778c63) G:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/20 21:23:00.0953 Suspicious file (Forged): G:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: cc30ddbbe74dea76c8ad855da1778c63, Fake md5: 880d347a8930db231414ed9b986ae3fb
2010/09/20 21:23:00.0968 Tcpip - detected Forged file (1)
2010/09/20 21:23:01.0015 TDPIPE (6471a66807f5e104e4885f5b67349397) G:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/20 21:23:01.0062 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) G:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/20 21:23:01.0109 TermDD (88155247177638048422893737429d9e) G:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/20 21:23:01.0203 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) G:\WINDOWS\system32\drivers\Udfs.sys
2010/09/20 21:23:01.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) G:\WINDOWS\system32\DRIVERS\update.sys
2010/09/20 21:23:01.0390 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) G:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/20 21:23:01.0453 usbccgp (173f317ce0db8e21322e71b7e60a27e8) G:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/20 21:23:01.0500 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) G:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/20 21:23:01.0562 usbhub (1ab3cdde553b6e064d2e754efe20285c) G:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/20 21:23:01.0609 usbprint (a717c8721046828520c9edf31288fc00) G:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/20 21:23:01.0656 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) G:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/20 21:23:01.0703 usbstor (a32426d9b14a089eaa1d922e0c5801a9) G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/20 21:23:01.0750 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) G:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/20 21:23:01.0781 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) G:\WINDOWS\System32\drivers\vga.sys
2010/09/20 21:23:01.0859 VolSnap (4c8fcb5cc53aab716d810740fe59d025) G:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/20 21:23:01.0921 Wanarp (e20b95baedb550f32dd489265c1da1f6) G:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/20 21:23:01.0984 Wdf01000 (fd47474bd21794508af449d9d91af6e6) G:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/20 21:23:02.0093 wdmaud (6768acf64b18196494413695f0c3a00f) G:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/20 21:23:02.0250 WSTCODEC (c98b39829c2bbd34e454150633c62c78) G:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/20 21:23:02.0343 WudfPf (f15feafffbb3644ccc80c5da584e6311) G:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/20 21:23:02.0375 WudfRd (28b524262bce6de1f7ef9f510ba3985b) G:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/20 21:23:02.0531 ================================================================================
2010/09/20 21:23:02.0531 Scan finished
2010/09/20 21:23:02.0531 ================================================================================
2010/09/20 21:23:02.0546 Detected object count: 3
2010/09/20 21:24:24.0765 HKLM\SYSTEM\ControlSet001\services\AFD - will be deleted after reboot
2010/09/20 21:24:24.0765 HKLM\SYSTEM\ControlSet001\control\safeboot\Network\AFD - will be deleted after reboot
2010/09/20 21:24:24.0765 HKLM\SYSTEM\ControlSet002\services\AFD - will be deleted after reboot
2010/09/20 21:24:24.0781 HKLM\SYSTEM\ControlSet002\control\safeboot\Network\AFD - will be deleted after reboot
2010/09/20 21:24:24.0781 G:\WINDOWS\System32\drivers\afd.sys - will be deleted after reboot
2010/09/20 21:24:24.0781 Forged file(AFD) - User select action: Delete
2010/09/20 21:24:24.0796 HKLM\SYSTEM\ControlSet001\services\NetBT - will be deleted after reboot
2010/09/20 21:24:24.0796 HKLM\SYSTEM\ControlSet001\control\safeboot\Network\NetBT - will be deleted after reboot
2010/09/20 21:24:24.0796 HKLM\SYSTEM\ControlSet002\services\NetBT - will be deleted after reboot
2010/09/20 21:24:24.0796 HKLM\SYSTEM\ControlSet002\control\safeboot\Network\NetBT - will be deleted after reboot
2010/09/20 21:24:24.0796 G:\WINDOWS\system32\DRIVERS\netbt.sys - will be deleted after reboot
2010/09/20 21:24:24.0796 Forged file(NetBT) - User select action: Delete
2010/09/20 21:24:24.0812 HKLM\SYSTEM\ControlSet001\services\Tcpip - will be deleted after reboot
2010/09/20 21:24:24.0812 HKLM\SYSTEM\ControlSet001\control\safeboot\Network\Tcpip - will be deleted after reboot
2010/09/20 21:24:24.0812 HKLM\SYSTEM\ControlSet002\services\Tcpip - will be deleted after reboot
2010/09/20 21:24:24.0812 HKLM\SYSTEM\ControlSet002\control\safeboot\Network\Tcpip - will be deleted after reboot
2010/09/20 21:24:24.0812 G:\WINDOWS\system32\DRIVERS\tcpip.sys - will be deleted after reboot
2010/09/20 21:24:24.0812 Forged file(Tcpip) - User select action: Delete
2010/09/20 21:27:32.0156 Deinitialize success
  • 0

#6
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi johonn,

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
  • 0

#7
johonn

johonn

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
My dad reminds me that he is not able to copy and paste programs onto his desktop - that seems to be disabled somehow, so we don't know how to follow those instructions. Is it ok to run the installer from a thumb drive?
  • 0

#8
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
:D

Yup you can go ahead and run it directly from USB.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#10
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi johonn,

Since it's been a while since your last post, can you please update me on the problems you are encountering now? :D

If you were able to run Combofix, please post the combofix.txt (it can be found at C:\Combofix.txt).

Regards.
  • 0


#11
johonn

johonn

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Hello again,

Sorry for all the delays...

Here's the ComboFix log (still no copy and paste on my dad's computer, and I think the other problems are still there as well):


ComboFix 10-10-05.01 - Donovan Gerrans 10/06/2010 20:11:03.2.1 - x86
Running from: J:\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))
.

2010-09-15 04:01 . 2010-09-07 14:52 165584 -c--a-w- g:\windows\system32\drivers\aswSP.sys
2010-09-15 04:01 . 2010-09-07 14:47 17744 -c--a-w- g:\windows\system32\drivers\aswFsBlk.sys
2010-09-15 04:01 . 2010-09-07 14:47 23376 -c--a-w- g:\windows\system32\drivers\aswRdr.sys
2010-09-15 04:01 . 2010-09-07 14:52 46672 -c--a-w- g:\windows\system32\drivers\aswTdi.sys
2010-09-15 04:01 . 2010-09-07 14:47 100176 -c--a-w- g:\windows\system32\drivers\aswmon2.sys
2010-09-15 04:01 . 2010-09-07 14:47 94544 -c--a-w- g:\windows\system32\drivers\aswmon.sys
2010-09-15 04:01 . 2010-09-07 14:46 28880 -c--a-w- g:\windows\system32\drivers\aavmker4.sys
2010-09-15 04:01 . 2010-09-07 15:12 38848 -c--a-w- g:\windows\avastSS.scr
2010-09-15 04:01 . 2010-09-07 15:11 167592 -c--a-w- g:\windows\system32\aswBoot.exe
2010-09-15 03:35 . 2010-09-15 03:35 -------- dcsh--w- g:\documents and settings\Donovan Gerrans\IECompatCache
2010-09-12 15:40 . 2010-04-29 22:39 38224 -c--a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 15:40 . 2010-04-29 22:39 20952 -c--a-w- g:\windows\system32\drivers\mbam.sys
2010-09-12 05:34 . 2010-09-12 05:35 -------- dc----w- g:\program files\ERUNT
2010-09-12 05:15 . 2010-09-12 05:15 -------- dc----w- g:\documents and settings\Administrator.DEEPWOOD\Application Data\Search Settings
2010-09-12 05:15 . 2010-09-12 05:15 -------- dc----w- g:\documents and settings\Administrator.DEEPWOOD\Application Data\pdfforge
2010-09-12 05:14 . 2010-09-12 05:14 -------- dc----w- g:\documents and settings\Administrator.DEEPWOOD\Local Settings\Application Data\Mozilla
2010-09-11 05:12 . 2010-09-11 05:12 -------- dc----w- g:\documents and settings\Donovan Gerrans\Local Settings\Application Data\PCHealth
2010-09-11 05:12 . 2010-09-11 05:12 -------- dc----w- g:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2010-09-10 10:11 . 2010-09-10 10:11 -------- dc----w- g:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 04:38 . 2010-07-06 21:20 -------- dc----w- g:\program files\pdfforge Toolbar
2010-09-15 03:51 . 2010-06-14 08:15 -------- dc----w- g:\program files\Google
2010-09-15 03:37 . 2009-07-28 02:57 -------- dc----w- g:\program files\Malwarebytes' Anti-Malware
2010-09-10 10:15 . 2008-08-15 01:46 -------- dc----w- g:\program files\Zoom Player
2010-09-08 21:55 . 2004-09-27 15:13 188152 -c--a-w- g:\documents and settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\FlashGot.exe
2010-09-08 04:29 . 2010-06-20 03:57 -------- dc----w- g:\program files\Microsoft Silverlight
2010-09-08 01:32 . 2010-07-31 01:21 -------- dc----w- g:\documents and settings\Donovan Gerrans\Application Data\HpUpdate
2010-09-03 11:20 . 2010-07-20 05:07 664 -c--a-w- g:\windows\system32\d3d9caps.dat
2010-09-03 05:55 . 2010-09-03 05:55 -------- dc----w- g:\documents and settings\Donovan Gerrans\Application Data\ArcSoft
2010-09-03 04:03 . 2010-09-03 04:03 -------- dc----w- g:\documents and settings\Donovan Gerrans\Application Data\Thinstall
2010-08-20 03:07 . 2010-08-20 03:07 61440 -c--a-w- g:\documents and settings\Donovan Gerrans\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-730ed47c-n\decora-sse.dll
2010-08-20 03:07 . 2010-08-20 03:07 503808 -c--a-w- g:\documents and settings\Donovan Gerrans\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52f24769-n\msvcp71.dll
2010-08-20 03:07 . 2010-08-20 03:07 499712 -c--a-w- g:\documents and settings\Donovan Gerrans\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52f24769-n\jmc.dll
2010-08-20 03:07 . 2010-08-20 03:07 348160 -c--a-w- g:\documents and settings\Donovan Gerrans\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-52f24769-n\msvcr71.dll
2010-08-20 03:07 . 2010-08-20 03:07 12800 -c--a-w- g:\documents and settings\Donovan Gerrans\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-730ed47c-n\decora-d3d.dll
2010-08-17 05:28 . 2010-06-15 06:15 -------- dc----w- g:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-17 05:07 . 2010-08-17 05:07 -------- dc----w- g:\documents and settings\All Users\Application Data\SlySoft
2010-08-17 05:05 . 2010-08-17 05:05 -------- dc----w- g:\program files\SlySoft
2010-07-26 23:39 . 2010-07-26 23:39 45056 -c--a-w- g:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-26 23:39 . 2010-07-26 23:39 45056 -c--a-w- g:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-26 23:39 . 2010-07-26 23:39 45056 -c--a-w- g:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-26 23:39 . 2010-07-26 23:39 45056 -c--a-w- g:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-26 23:39 . 2010-07-26 23:39 49152 -c--a-w- g:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-26 23:39 . 2010-07-26 23:39 40960 -c--a-w- g:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-26 23:39 . 2010-07-26 23:39 308808 -c--a-w- g:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-26 23:39 . 2010-07-26 23:39 14848 -c--a-w- g:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-26 23:39 . 2010-07-26 23:39 341600 -c--a-w- g:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-26 23:38 . 2010-07-26 23:38 348160 -c--a-w- g:\windows\system32\msvcr71.dll
2010-07-26 23:38 . 2007-03-12 04:24 499712 -c--a-w- g:\windows\system32\msvcp71.dll
2010-07-26 23:28 . 2010-07-26 23:28 73000 -c--a-w- g:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-17 12:00 . 2010-07-17 01:06 423656 -c--a-w- g:\windows\system32\deployJava1.dll
2010-07-17 01:06 . 2010-07-17 01:06 503808 -c--a-w- g:\documents and settings\Donovan Gerrans\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-192a6c7a-n\msvcp71.dll
2010-07-17 01:06 . 2010-07-17 01:06 499712 -c--a-w- g:\documents and settings\Donovan Gerrans\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-192a6c7a-n\jmc.dll
2010-07-17 01:06 . 2010-07-17 01:06 348160 -c--a-w- g:\documents and settings\Donovan Gerrans\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-192a6c7a-n\msvcr71.dll
2010-07-17 01:06 . 2010-07-17 01:06 61440 -c--a-w- g:\documents and settings\Donovan Gerrans\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5eaccb53-n\decora-sse.dll
2010-07-17 01:06 . 2010-07-17 01:06 12800 -c--a-w- g:\documents and settings\Donovan Gerrans\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5eaccb53-n\decora-d3d.dll
2010-03-31 14:09 . 2010-03-31 14:09 10437264 -c--a-w- g:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 16:36 . 2010-04-08 16:36 107760 -c--a-w- g:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . g:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . g:\windows\system32\drivers\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . g:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . g:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . g:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2002-09-03 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . g:\windows\system32\dllcache\beep.sys
[-] 2002-09-03 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . g:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . g:\windows\system32\drivers\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . g:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . g:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\ntfs.sys

[-] 2002-09-03 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . g:\windows\system32\dllcache\null.sys
[-] 2002-09-03 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . g:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . g:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . g:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . g:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . g:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . g:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . g:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . g:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . g:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . g:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . g:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . g:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . g:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . g:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . g:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . g:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . g:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . g:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2002-09-03 . 6A1CF14D0E7D0B2241F552223769C8A7 . 221696 . . [6.2.2600.1106] . . g:\windows\$NtUninstallKB842773$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . g:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . g:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . g:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . g:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . g:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . g:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . g:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . g:\windows\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\sp2gdr\rpcss.dll
[-] 2005-07-26 . 0D903904A1CDDAA2AE29F48176C683D4 . 276992 . . [5.1.2600.1720] . . g:\windows\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\sp1qfe\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . g:\windows\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\sp2qfe\rpcss.dll
[-] 2005-01-14 . 419899803CA479B73B02390318C787C0 . 395776 . . [5.1.2600.2595] . . g:\windows\$NtUninstallKB956572_0$\rpcss.dll
[-] 2005-01-14 . 94456045BEB4545B5EBE1DCC85951AFA . 395776 . . [5.1.2600.2595] . . g:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB873333$\rpcss.dll

[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . g:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . g:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . g:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . g:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . g:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . g:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . g:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB956572_0$\services.exe

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . g:\windows\system32\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . g:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . g:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . g:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . g:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . g:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . g:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . g:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2002-09-03 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2002-09-03 . 76B90BD220F1B1CC9E183C6B1AE9FBB4 . 921600 . . [6.0] . . g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . g:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . g:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . g:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . g:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . g:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . g:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . g:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . g:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . g:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . g:\windows\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\sp2gdr\es.dll
[-] 2005-07-26 04:31 . 01B2EF40AAAF29786B0F906C487DD56A . 227328 . . [2001.12.4414.62] . . g:\windows\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\sp1qfe\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . g:\windows\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\sp2qfe\es.dll
[-] 2004-08-04 07:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . g:\windows\$NtUninstallKB950974_0$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . g:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . g:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . g:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . g:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . g:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . g:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . g:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . g:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . g:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . g:\windows\$NtUninstallKB959426_0$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB917422$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . g:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . g:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . g:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . g:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . g:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . g:\windows\system32\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . g:\windows\system32\dllcache\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . g:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . g:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . g:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . g:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\mshtml.dll
[-] 2010-04-16 . 6B930309A4A246D133A49EADE11E5773 . 3073024 . . [6.00.2900.5969] . . g:\windows\$hf_mig$\KB982381\SP3GDR\mshtml.dll
[-] 2010-04-16 . 9574D5B0C784DA0FD8F6A9BB37936A52 . 3073536 . . [6.00.2900.5969] . . g:\windows\$hf_mig$\KB982381\SP3QFE\mshtml.dll
[-] 2010-04-16 . 44A6BB3DE8FF814209A1CDFEC4BB51BD . 3065344 . . [6.00.2900.3698] . . g:\windows\ie8\mshtml.dll
[-] 2010-04-16 . 149F37C9702F24A50741E56FBC7AE56B . 3073024 . . [6.00.2900.3698] . . g:\windows\$hf_mig$\KB982381\SP2QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . g:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . g:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2006-06-30 17:28 . DCB29B03B80C5F26BB3F3A3DDA42281D . 2703872 . . [6.00.2800.1561] . . g:\windows\SoftwareDistribution\Download\a6392ee21d2c4ac260d9625143b6b111\rtmgdr\mshtml.dll
[-] 2006-06-30 17:16 . B3E7100B7091D958AEC345DF099B0A94 . 2710528 . . [6.00.2800.1562] . . g:\windows\SoftwareDistribution\Download\a6392ee21d2c4ac260d9625143b6b111\RTMQFE\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . g:\windows\$NtServicePackUninstall$\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . g:\windows\$NtUninstallKB982381$\mshtml.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . g:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . g:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . g:\windows\system32\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . g:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . g:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2002-09-03 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . g:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2002-09-03 . 70630CAD245477F8DB02B79D9A92834C . 323072 . . [7.0.2600.1106] . . g:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . g:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . g:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . g:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . g:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . g:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . g:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . g:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . g:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . g:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . g:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . g:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-04-28 . 472059774023F80EB7227EAF9A7ACDA1 . 2189952 . . [5.1.2600.5973] . . g:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . g:\windows\system32\ntoskrnl.exe
[-] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . g:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . D41C3CBAD0E1C0728D1CDFD541F60CFA . 2189952 . . [5.1.2600.5938] . . g:\windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
[-] 2010-02-16 . 97E2BF68857818A4D142B872404DC41B . 2186880 . . [5.1.2600.3670] . . g:\windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . g:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . A63052FA8FB8685382E10EE83C326864 . 2137088 . . [5.1.2600.3670] . . g:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . g:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . g:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . g:\windows\$NtUninstallKB979683_0$\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . g:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . g:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . g:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-13 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . g:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . g:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . g:\windows\$NtUninstallKB956572_0$\ntoskrnl.exe
[-] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . g:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . g:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . g:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . g:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . g:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . g:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . g:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . g:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . g:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . g:\windows\system32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . g:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . g:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . g:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . g:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . g:\windows\system32\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . g:\windows\system32\dllcache\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . g:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . g:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . g:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . g:\windows\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\wininet.dll
[-] 2010-04-16 . B43B18FB0EB577856883E5A0708AB9EF . 667136 . . [6.00.2900.5969] . . g:\windows\$hf_mig$\KB982381\SP3GDR\wininet.dll
[-] 2010-04-16 . C3052A99A24F462B418632A05328BB38 . 668672 . . [6.00.2900.5969] . . g:\windows\$hf_mig$\KB982381\SP3QFE\wininet.dll
[-] 2010-04-16 . 602BB82E56758BC6E50B17741CD5F081 . 662016 . . [6.00.2900.3698] . . g:\windows\ie8\wininet.dll
[-] 2010-04-16 . 9CE5DEF97E55E52C23201098DB755280 . 668672 . . [6.00.2900.3698] . . g:\windows\$hf_mig$\KB982381\SP2QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . g:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . g:\windows\ServicePackFiles\i386\wininet.dll
[-] 2006-06-23 18:33 . 7E7760C7F263EC7A740EE265B263F770 . 575488 . . [6.00.2800.1559] . . g:\windows\SoftwareDistribution\Download\a6392ee21d2c4ac260d9625143b6b111\rtmgdr\wininet.dll
[-] 2006-06-23 18:29 . 40F777875DFA05CD61FD1E8A593BE8E9 . 587776 . . [6.00.2800.1560] . . g:\windows\SoftwareDistribution\Download\a6392ee21d2c4ac260d9625143b6b111\RTMQFE\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . g:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . g:\windows\$NtUninstallKB982381$\wininet.dll

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . g:\windows\system32\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . g:\windows\system32\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\ws2help.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . g:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . g:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . g:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . g:\windows\system32\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . g:\windows\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\sp2gdr\ole32.dll
[-] 2005-07-26 . F07397DBDBD249D379CFDEEE6D9BF545 . 1190400 . . [5.1.2600.1720] . . g:\windows\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\sp1qfe\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . g:\windows\SoftwareDistribution\Download\b93f60ba19e546073f72c1a6c59659c8\sp2qfe\ole32.dll
[-] 2005-01-14 . ABDEF60CED7C04AB35A415EFB6B96D81 . 1285120 . . [5.1.2600.2595] . . g:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-01-14 . 2E752611C9A9AE1B6BFD0DA03CF7F17E . 1284608 . . [5.1.2600.2595] . . g:\windows\$hf_mig$\KB873333\SP2QFE\ole32.dll
[-] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB873333$\ole32.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . g:\windows\system32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . g:\windows\system32\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . g:\windows\system32\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . g:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . g:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . g:\windows\system32\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . g:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . g:\windows\system32\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . g:\windows\$NtServicePackUninstall$\shsvcs.dll

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . g:\windows\system32\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . g:\windows\system32\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . g:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . g:\windows\system32\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2002-09-03 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . g:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . g:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . g:\windows\system32\drivers\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . g:\windows\ServicePackFiles\i386\aec.sys
[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . g:\windows\$NtServicePackUninstall$\aec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . g:\windows\system32\dllcache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . g:\windows\system32\drivers\AGP440.SYS
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . g:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\AGP440.SYS
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . g:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . g:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . g:\windows\system32\mfc40u.dll
[-] 2002-09-03 16:41 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . g:\windows\$NtServicePackUninstall$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . g:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . g:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . g:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . g:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . g:\windows\$NtServicePackUninstall$\mspmsnsv.dll
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . g:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . g:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . g:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . g:\windows\system32\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . g:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-17 . 1811AFC2FADB60B88947E3D08E250860 . 2063744 . . [5.1.2600.3670] . . g:\windows\$hf_mig$\KB979683\SP2QFE\ntkrnlpa.exe
[-] 2010-02-16 . A046C627EC20456E2959B7BD628E1FD0 . 2066816 . . [5.1.2600.5938] . . g:\windows\$hf_mig$\KB979683\SP3GDR\ntkrnlpa.exe
[-] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . g:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . 26A901A1840E9E46FFFC6D09B9618CDF . 2016768 . . [5.1.2600.3670] . . g:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . g:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . g:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . g:\windows\$NtUninstallKB979683_0$\ntkrnlpa.exe
[-] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . g:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . g:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . g:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . g:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . g:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . g:\windows\$NtUninstallKB956572_0$\ntkrnlpa.exe
[-] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . g:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . g:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . g:\windows\system32\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . g:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . g:\windows\system32\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\upnphost.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . g:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . g:\windows\system32\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . g:\windows\$NtServicePackUninstall$\dsound.dll

[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . g:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . g:\windows\system32\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . g:\windows\$NtServicePackUninstall$\d3d9.dll

[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . g:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . g:\windows\system32\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . g:\windows\$NtServicePackUninstall$\ddraw.dll

[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . g:\windows\system32\olepro32.dll
[-] 2004-08-04 07:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\olepro32.dll

[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . g:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\perfctrs.dll

[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . g:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . g:\windows\$NtServicePackUninstall$\version.dll

g:\windows\System32\drivers\tcpip.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-10-06_04.39.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-07 03:03 . 2010-10-07 03:03 16384 g:\windows\Temp\Perflib_Perfdata_3dc.dat
- 2010-09-21 04:28 . 2010-09-21 04:28 16384 g:\windows\Temp\Perflib_Perfdata_3dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="g:\windows\System32\NvCpl.dll" [2003-04-24 4616192]
"Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"QuickTime Task"="g:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"LogonStudio"="g:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2005-09-07 987187]
"SearchSettings"="g:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"HP Software Update"="g:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"iTunesHelper"="g:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="g:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSSE"="g:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Malwarebytes Anti-Malware (reboot)"="g:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avast5"="g:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="g:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "g:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "g:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Vuze\\Azureus.exe"=
"g:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Program Files\\iTunes\\iTunes.exe"=
"g:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

R2 gupdate;Google Update Service (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 136176]
S1 aswSP;aswSP; [x]
S2 Application Updater;Application Updater;g:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S2 aswFsBlk;aswFsBlk; [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2010-07-26 g:\windows\Tasks\AppleSoftwareUpdate.job
- g:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-09-12 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 08:15]

2010-09-12 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 08:15]

2010-09-12 g:\windows\Tasks\MP Scheduled Scan.job
- g:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 04:40]

2010-09-12 g:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-362288127-682003330-1004.job
- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2010-09-10 g:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-362288127-682003330-1004.job
- g:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - g:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: En&queue current page with Bulk Image Downloader - file://g:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link target with Bulk Ima&ge Downloader - file://g:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with Bulk Image Downloader - file://g:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with Bulk I&mage Downloader - file://g:\program files\Bulk Image Downloader\iemenu\iebid.htm
DPF: DirectAnimation Java Classes - file://g:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://g:\windows\Java\classes\xmldso.cab
FF - ProfilePath - g:\documents and settings\Donovan Gerrans\Application Data\Mozilla\Firefox\Profiles\e7oi83pg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: g:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: g:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: g:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: g:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: g:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: g:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: g:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1104)
g:\windows\system32\WININET.dll
.
Completion time: 2010-10-06 20:26:33
ComboFix-quarantined-files.txt 2010-10-07 03:26
ComboFix2.txt 2010-10-06 04:47

Pre-Run: 130,405,228,544 bytes free
Post-Run: 130,394,017,792 bytes free

- - End Of File - - A0930A4CB9C6E5CBFC33B8D0D6827AE7
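The file-hash section of the log above pairs every copy of a Windows binary ComboFix found (the live copy under system32, the protected copies in dllcache, ServicePackFiles\i386 and Driver Cache, and the older builds in the $NtUninstall*/$hf_mig$ folders) with its MD5, size and version, and ends with the one real finding, "tcpip.sys ... is missing !!", which on its own explains the "no networking" symptom. The check a responder wants to automate over such a log is "does the live copy hash-match a protected copy of the same version, and which files are reported missing?". The script below is an added example written for this thread, not a tool from the post or from ComboFix; the sample input is a handful of lines copied from the log above, and the regexes assume the line layout ComboFix used in this version (date, optional time, MD5, size, bracketed version, path).

```python
"""Audit the file-hash section of a ComboFix log (added example, not from the post)."""
import re
from collections import defaultdict

# [-] 2008-04-13 16:39 . MD5 . size . . [version] . . path   (time is optional)
LINE_RE = re.compile(
    r"^\[-\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing\s*!!\s*$")

# Protected copies the live file should match; backups only hold older builds.
REFERENCE_DIRS = ("\\dllcache\\", "\\servicepackfiles\\i386\\", "\\driver cache\\")
BACKUP_DIRS = ("\\$nt", "\\$hf_mig$\\", "\\softwaredistribution\\", "\\reinstallbackups\\")


def classify(path):
    """Label a reported copy as live (system32), reference (protected) or backup."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if any(d in p for d in BACKUP_DIRS):
        return "backup"
    if "\\system32\\" in p:
        return "live"
    return "other"


def parse(log_text):
    """Return ({basename: [copy records]}, [paths ComboFix reported missing])."""
    copies, missing = defaultdict(list), []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            path = m.group("path")
            copies[path.rsplit("\\", 1)[-1].lower()].append({
                "md5": m.group("md5").upper(), "size": int(m.group("size")),
                "ver": m.group("ver"), "path": path, "role": classify(path)})
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m.group("path"))
    return copies, missing


def audit(log_text):
    """Compare each live copy against protected copies carrying the same version."""
    copies, missing = parse(log_text)
    report = {"missing": [p.rsplit("\\", 1)[-1].lower() for p in missing],
              "mismatch": {}, "ok": [], "no_reference": []}
    for name, recs in copies.items():
        refs = [r for r in recs if r["role"] == "reference"]
        for live in (r for r in recs if r["role"] == "live"):
            same_ver = [r for r in refs if r["ver"] == live["ver"]]
            if not same_ver:
                report["no_reference"].append(name)  # nothing of the same build to compare
                continue
            bad = [r for r in same_ver if r["md5"] != live["md5"]]
            if bad:
                report["mismatch"][name] = {
                    "live": (live["path"], live["md5"], live["size"]),
                    "references": [(r["path"], r["md5"], r["size"]) for r in bad]}
            else:
                report["ok"].append(name)
    return report


# Sample input: lines copied from the ComboFix log above (a clean pair, the kernel
# group with its same-version dllcache copy, and the missing-driver line).
SAMPLE = r"""
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . g:\windows\system32\ole32.dll
[-] 2005-01-14 . ABDEF60CED7C04AB35A415EFB6B96D81 . 1285120 . . [5.1.2600.2595] . . g:\windows\$NtServicePackUninstall$\ole32.dll

[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . g:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . g:\windows\system32\ntkrnlpa.exe
[-] 2010-04-27 . DC57ABED7BDE1487E658968B4423BED7 . 2066816 . . [5.1.2600.5973] . . g:\windows\system32\dllcache\ntkrnlpa.exe

g:\windows\System32\drivers\tcpip.sys ... is missing !!
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE
    r = audit(text)
    for name in r["missing"]:
        print("MISSING  ", name)
    for name, d in r["mismatch"].items():
        print("MISMATCH ", name, d["live"], "vs", d["references"])
    print("ok:", len(r["ok"]), " no same-version reference:", len(r["no_reference"]))
```

A mismatch is a lead to review, not proof of tampering: the report keeps sizes so the reviewer can see that on this machine the system32 ntkrnlpa.exe is 2024448 bytes against 2066816 in dllcache, the same relationship the $NtUninstall* folders show for every earlier build of that kernel, so it should be compared with a known-good copy of the same build before anything is replaced. The "is missing" line needs no such caution; a missing tcpip.sys is a finding by itself.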

#12 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi johonn,

Can you please confirm if "Recovery Console" was successfully installed on the infected machine.

#13 johonn (Topic Starter, Member, 120 posts)
It is, to the best of my knowledge.

#14 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi johonn,

Do you have the original XP installation CD handy?

Step One

It is advisable to protect your USB sticks and other removable drives from infections spreading between them and the PCs which they are plugged into. Please go onto your other PC and run the following program which will protect your USB drives. Note - it cannot be run on this PC as it is not compatible with Windows 7.

Flash Drive Disinfector

  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.



Step Two

We need to find which application is holding a lock on the Windows Clipboard. David Candy's application should determine the process that's causing the problem.
  • Download GetOpenClipboardWindow.zip from here
  • Unzip and run the tool. Post back what it reports.


Step Three

  • Download Dial-a-fix from this location.
  • When you download it, double-click on it to extract all of its files. Then open the folder it creates. Double-click on the file called Dial-a-fix.
  • Click on the box called Fix SSL/HTTPS/Cryptography and make sure all of its sub-boxes are checked too.
  • Now, at the bottom-left corner, click on GO.


Restart your computer.

This procedure doesn't always work, but it performs almost all the same complicated procedures that you would have to do manually.



Step Four

On the clean computer.

3. Open notepad and copy/paste the text in the quotebox below into it:

Killall::

SRPeek::
G:\WINDOWS\system32\DRIVERS\netbt.sys
G:\WINDOWS\system32\DRIVERS\tcpip.sys
G:\WINDOWS\System32\drivers\afd.sys

Mia::
G:\WINDOWS\system32\DRIVERS\tcpip.sys

File::

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe i.e., USB stick.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
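Step Two above asks for a tool whose name is the Win32 call it wraps: GetOpenClipboardWindow returns the window that currently has the clipboard open, and from that window handle you get the owning thread, process and (if the process can be opened) its image path. The script below is an added example for this thread and is not David Candy's tool; it makes the same Win32 calls through ctypes and has to be run on the affected machine while paste is failing. On a non-Windows host the lookup is skipped and None is returned. The process-image lookup uses psapi's GetModuleFileNameExW because QueryFullProcessImageName does not exist on XP; the rest of the names are the documented user32/kernel32/psapi exports.

```python
"""Who is holding the Windows clipboard open? (added example, not the tool from the post)"""
import ctypes
import sys

PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_READ = 0x0010


def _image_path(pid):
    """Best-effort executable path for pid; None when OpenProcess is denied (e.g. lsass)."""
    from ctypes import wintypes
    kernel32, psapi = ctypes.windll.kernel32, ctypes.windll.psapi
    kernel32.OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
    kernel32.OpenProcess.restype = wintypes.HANDLE
    kernel32.CloseHandle.argtypes = [wintypes.HANDLE]
    psapi.GetModuleFileNameExW.argtypes = [wintypes.HANDLE, wintypes.HMODULE,
                                           wintypes.LPWSTR, wintypes.DWORD]
    psapi.GetModuleFileNameExW.restype = wintypes.DWORD
    h = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, False, pid)
    if not h:
        return None
    try:
        buf = ctypes.create_unicode_buffer(260)
        return buf.value if psapi.GetModuleFileNameExW(h, None, buf, 260) else None
    finally:
        kernel32.CloseHandle(h)


def _win32_owner():
    from ctypes import wintypes
    user32 = ctypes.windll.user32
    user32.GetOpenClipboardWindow.restype = wintypes.HWND
    user32.GetWindowThreadProcessId.argtypes = [wintypes.HWND, ctypes.POINTER(wintypes.DWORD)]
    user32.GetWindowThreadProcessId.restype = wintypes.DWORD
    user32.GetWindowTextW.argtypes = [wintypes.HWND, wintypes.LPWSTR, ctypes.c_int]
    hwnd = user32.GetOpenClipboardWindow()
    if not hwnd:
        # Either nobody has it open right now, or it was opened with
        # OpenClipboard(NULL), which this API cannot attribute to a window.
        return None
    pid = wintypes.DWORD()
    tid = user32.GetWindowThreadProcessId(hwnd, ctypes.byref(pid))
    title = ctypes.create_unicode_buffer(256)
    user32.GetWindowTextW(hwnd, title, 256)
    return {"hwnd": int(hwnd), "pid": pid.value, "tid": tid,
            "title": title.value, "exe": _image_path(pid.value)}


def clipboard_owner():
    """Snapshot of the clipboard holder, or None (also None off Windows)."""
    if sys.platform != "win32":
        return None
    return _win32_owner()


def interpret(owner):
    """Turn a snapshot into the one line you would post back in the thread."""
    if owner is None:
        return ("clipboard not held by any window right now (or it was opened with "
                "OpenClipboard(NULL), which GetOpenClipboardWindow cannot attribute); "
                "retry while paste is actually failing")
    who = owner["exe"] or "<image path unavailable: access denied or protected process>"
    return "clipboard held by hwnd 0x%X, pid %d (tid %d), title %r, image %s" % (
        owner["hwnd"], owner["pid"], owner["tid"], owner["title"], who)


if __name__ == "__main__":
    print(interpret(clipboard_owner()))
```

Run it a few times while copy/paste is misbehaving; a lock that comes and goes will only be caught while it is held. A pid whose image path comes back empty is itself informative: on XP a non-admin user cannot open lsass.exe or other SYSTEM processes, so that pid should be matched against Task Manager by hand.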

#15 johonn (Topic Starter, Member, 120 posts)
My dad is trying to run that USB protection program, but he thinks that it may have locked up his computer - not the one that is having trouble. What did you mean by saying "it" is not compatible with Windows 7? The program, or his computer? None of our computers are running windows 7, so I'm not sure what you mean by that.





