Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

User Tag List

Browser redirection

This is a discussion on Browser redirection within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. Hello all, every time i click a link through a web browser it mainly takes me to florida-traffic.com or whatever,


Closed Thread
 
Thread Tools Search this Thread
Old 07-09-2010, 06:24 PM   #1
Registered Member
 
Join Date: Apr 2009
Posts: 26
OS: XP



Hello all, every time i click a link through a web browser it mainly takes me to florida-traffic.com or whatever, sometimes different. But if i type an actual website into the address bar it will goto that site, so its a browser related issue. I couldn't get gmer.exe to work, every time I click on it it restarts my computer, so im going to give you the dds, attach, and hijack this log. Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:23:21 PM, on 07/09/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Access Remote PC 4\rpcsetup.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O1 - Hosts: 84.16.244.15 www.google.com
O1 - Hosts: 84.16.244.15 us.search.yahoo.com
O1 - Hosts: 84.16.244.15 uk.search.yahoo.com
O1 - Hosts: 84.16.244.15 search.yahoo.com
O1 - Hosts: 84.16.244.15 www.google.com.br
O1 - Hosts: 84.16.244.15 www.google.it
O1 - Hosts: 84.16.244.15 www.google.es
O1 - Hosts: 84.16.244.15 www.google.co.jp
O1 - Hosts: 84.16.244.15 www.google.com.mx
O1 - Hosts: 84.16.244.15 www.google.ca
O1 - Hosts: 84.16.244.15 www.google.com.au
O1 - Hosts: 84.16.244.15 www.google.nl
O1 - Hosts: 84.16.244.15 www.google.co.za
O1 - Hosts: 84.16.244.15 www.google.be
O1 - Hosts: 84.16.244.15 www.google.gr
O1 - Hosts: 84.16.244.15 www.google.at
O1 - Hosts: 84.16.244.15 www.google.se
O1 - Hosts: 84.16.244.15 www.google.ch
O1 - Hosts: 84.16.244.15 www.google.pt
O1 - Hosts: 84.16.244.15 www.google.dk
O1 - Hosts: 84.16.244.15 www.google.fi
O1 - Hosts: 84.16.244.15 www.google.ie
O1 - Hosts: 84.16.244.15 www.google.no
O1 - Hosts: 84.16.244.15 www.google.de
O1 - Hosts: 84.16.244.15 www.google.fr
O1 - Hosts: 84.16.244.15 www.google.co.uk
O1 - Hosts: 84.16.244.15 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1013018 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1013018 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: https://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - https://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - https://lads.myspace.com/upload/MySpaceUploader2.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Access Remote PC Service 4.5 (RpcSvr4x) - Access Remote PC (www.access-remote-pc.com) - C:\Program Files\Access Remote PC 4\rpcsetup.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7455 bytes


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 17:57:41.79 on 07/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.936.86.1033.18.2046.1409 [GMT -7:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Access Remote PC 4\rpcsetup.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [NPSStartup]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1013018
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ai471edq.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-9-24 36608]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-4-8 53168]
S1 MpKsl60e8f4a4;MpKsl60e8f4a4;\??\c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{95e113f0-fadd-4241-ab55-77a7e5a8ad62}\mpksl60e8f4a4.sys --> c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{95e113f0-fadd-4241-ab55-77a7e5a8ad62}\MpKsl60e8f4a4.sys [?]
S1 MpKsl9b2d8487;MpKsl9b2d8487;\??\c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{523999be-f1dd-468d-adac-6e585b4b4b00}\mpksl9b2d8487.sys --> c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{523999be-f1dd-468d-adac-6e585b4b4b00}\MpKsl9b2d8487.sys [?]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-9-24 233472]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2010-2-5 26120]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-6 24652]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?]

=============== Created Last 30 ================

2010-07-10 00:52:23 388608 ----a-w- C:\HijackThis.exe
2010-07-10 00:44:27 0 d-----w- c:\program files\ASIO4ALL v2
2010-07-10 00:44:26 0 d-----w- c:\docume~1\owner\applic~1\Facebook
2010-07-10 00:44:08 0 d-----w- c:\program files\SystemRequirementsLab
2010-07-10 00:07:10 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-10 00:05:56 0 d-----w- c:\program files\Viewpoint
2010-07-07 22:52:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 20:08:32 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-07-02 05:16:50 43077 ----a-w- C:\tzH0aB1278049233.jpg
2010-07-02 05:15:19 12530 ----a-w- C:\18079_105567949460574_100000221079148_144600_901469_n.jpg
2010-07-02 00:25:13 856 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-07-02 00:24:48 3088 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-07-02 00:15:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-07-02 00:15:21 675840 ---ha-w- C:\SZKGFS.dat
2010-07-02 00:14:29 0 d-----w- c:\program files\common files\iS3
2010-07-02 00:14:28 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-07-01 23:43:35 6153352 ----a-w- C:\mbam-setup.exe
2010-07-01 22:53:06 6153352 ----a-w- C:\mbam-setup-1.46.exe
2010-07-01 06:14:03 55168 ----a-w- c:\windows\system32\drivers\quhijjwk.sys
2010-07-01 05:30:23 905616 ----a-w- C:\Funny Voice.mp3
2010-06-30 06:16:10 55168 ----a-w- c:\windows\system32\drivers\dlzufxgb.sys
2010-06-29 16:35:46 55168 ----a-w- c:\windows\system32\drivers\ctgapenb.sys
2010-06-28 06:48:32 55168 ----a-w- c:\windows\system32\drivers\cinjmwma.sys
2010-06-27 06:30:23 55168 ----a-w- c:\windows\system32\drivers\vytqohjf.sys
2010-06-26 16:43:47 55168 ----a-w- c:\windows\system32\drivers\orhntmbd.sys
2010-06-25 19:38:29 55168 ----a-w- c:\windows\system32\drivers\dedstcsr.sys
2010-06-24 21:11:52 55168 ----a-w- c:\windows\system32\drivers\gkoceznv.sys
2010-06-23 22:53:48 55168 ----a-w- c:\windows\system32\drivers\fpgjtcvm.sys
2010-06-23 18:47:01 55168 ----a-w- c:\windows\system32\drivers\qjmfdqhm.sys
2010-06-20 03:09:19 0 d-----w- C:\SWGEmu
2010-06-20 02:38:38 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-06-20 02:13:10 0 dc-h--w- c:\windows\ie8
2010-06-20 00:17:04 0 d-----w- c:\program files\DAEMON Tools Lite
2010-06-20 00:16:51 0 d-----w- c:\docume~1\owner\applic~1\DAEMON Tools Lite
2010-06-20 00:16:47 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-06-20 00:15:14 9591104 ----a-w- C:\DTLite4356-0091.exe
2010-06-19 22:17:18 3067400 ----a-w- C:\Setup_MagicISO.exe
2010-06-18 04:50:26 251 ----a-w- C:\filezilla.doc
2010-06-17 18:54:50 2839304 ----a-w- c:\program files\Springmeier_Wheeler_-_Illuminati_Formula_Mind_Control_Slave.zip
2010-06-11 02:51:46 794408 ----a-w- c:\program files\pbsvc.exe
2010-06-11 01:22:38 735889 ----a-w- c:\program files\pbsetup.zip
2010-06-10 17:58:30 556774795 ----a-w- c:\program files\BF2_Patch_1.4.zip
2010-06-10 17:56:26 2067515943 ----a-w- c:\program files\BF2_Patch_1.50.exe
2010-06-10 03:39:44 0 d-----w- c:\program files\EA GAMES

==================== Find3M ====================

2010-07-10 00:45:22 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-10 00:45:18 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-06-24 22:44:44 34692 ----a-w- c:\docume~1\owner\applic~1\wklnhst.dat
2010-06-20 00:17:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-12 01:47:21 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-12 00:01:58 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-11 02:58:30 139152 ----a-w- c:\docume~1\owner\applic~1\PnkBstrK.sys
2010-05-28 00:09:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-04-16 15:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-11 22:10:08 39252 ---ha-w- c:\windows\system32\mlfcache.dat
1998-08-24 19:09:10 10000 ----a-w- c:\windows\inf\unregpn.exe

============= FINISH: 17:59:17.92 ===============
Attached Files
File Type: zip Attach.zip (5.0 KB, 26 views)
ATTOJ1 is offline  
Sponsored Links
Advertisement
 
Old 07-10-2010, 07:21 PM   #2
Security Team
Analyst
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,383
OS: Windows 7 Ultimate 64bit



Welcome to TSF :)

Please download Malwarebytes' Anti-Malware from Here.



Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:



If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


=======================================

  • Download OTL.exe to your desktop.
  • Double-Click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
sjpritch25 is offline  
Old 07-11-2010, 03:41 PM   #3
Registered Member
 
Join Date: Apr 2009
Posts: 26
OS: XP



OTL logfile created on: 07/11/2010 11:53:24 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 2047 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 36.00 Gb Free Space | 24.78% Space Free | Partition Type: NTFS
Drive D: | 3.75 Gb Total Space | 1.68 Gb Free Space | 44.86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-7648F3E7A0
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/11 11:52:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/28 1524 | 010,358,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/30 14:44:52 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/05 17:19:46 | 000,065,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2007/11/27 22:56:32 | 000,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/21 13:21:52 | 001,277,952 | ---- | M] (Access Remote PC (www.access-remote-pc.com)) -- C:\Program Files\Access Remote PC 4\rpcsetup.exe
PRC - [2004/08/05 18:23:08 | 000,382,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe


========== Modules (SafeList) ==========

MOD - [2010/07/11 11:52:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 12:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/27 22:56:32 | 000,755,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/06/21 13:21:52 | 001,277,952 | ---- | M] (Access Remote PC (www.access-remote-pc.com)) [Auto | Running] -- C:\Program Files\Access Remote PC 4\rpcsetup.exe -- (RpcSvr4x)
SRV - [2005/01/28 02:07:47 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XTrapD12.sys -- (XTrapD12)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\{523999BE-F1DD-468D-ADAC-6E585B4B4B00}\MpKsl9b2d8487.sys -- (MpKsl9b2d8487)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\{95E113F0-FADD-4241-AB55-77A7E5A8AD62}\MpKsl60e8f4a4.sys -- (MpKsl60e8f4a4)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys -- (KMW_KBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTRD.sys -- (Ad-Watch Registry Filter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTPD.sys -- (Ad-Watch Real-Time Scanner)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/06/19 17:17:11 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/11 17:01:58 | 000,138,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/02/11 05:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/06/07 16:29:18 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 16:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 16:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 300(UVC)
DRV - [2009/04/30 16:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 16:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/05/15 16:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2007/11/27 22:56:30 | 000,116,416 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\msfwhlpr.sys -- (MSFWHLPR)
DRV - [2007/11/27 22:56:28 | 000,091,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\msfwdrv.sys -- (MSFWDrv)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/06/27 17:42:14 | 003,972,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/11 01:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/11/15 18:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/08/04 12:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 12:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 12:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/04 06:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 06:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/17 15:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 15:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/12/01 17:53:06 | 000,009,984 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [1999/09/20 0100 | 000,218,944 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EMU10K1.SYS -- (EMU10K1)
DRV - [1999/06/16 01:00:00 | 000,160,832 | ---- | M] (Creative Technology Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CTSYN.SYS -- (CTSYN)
DRV - [1999/02/09 01:00:00 | 000,027,264 | ---- | M] (Creative Technology Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SFMAN.SYS -- (SFMAN)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19
FF - prefs.js..keyword.URL: "https://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/30 21:29:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/08 22:29:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 14:32:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/09 17:36:40 | 000,000,000 | ---D | M]

[2009/05/22 19:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/04/07 16:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/22 19:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/07/10 15:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\extensions
[2009/07/09 08:51:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/06 20:37:01 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/12/28 19:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\extensions\[email protected]
[2009/05/06 20:36:37 | 000,002,038 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\searchplugins\AIM Search.xml
[2009/04/20 20:42:31 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\searchplugins\aim-search.xml
[2010/01/18 18:29:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/30 14:44:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/03/30 14:44:52 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/30 14:44:52 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/13 14:55:22 | 001,044,480 | ---- | M] (The OpenSSL Project, https://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2006/07/28 08:32:54 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/03/30 21:28:34 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/13 14:54:50 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/26 19:18:22 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2006/08/07 11:32:12 | 001,376,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/03/30 14:44:55 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/04/27 13:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2005/08/09 11:42:53 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/05/13 14:55:22 | 000,200,704 | ---- | M] (The OpenSSL Project, https://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/03/26 11:56:22 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/03/26 11:56:22 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/03/26 11:56:22 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/03/26 11:56:22 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/03/26 11:56:22 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/03/26 11:56:22 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/03/26 11:56:22 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/09 17:52:50 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 84.16.244.15 www.google.com
O1 - Hosts: 84.16.244.15 us.search.yahoo.com
O1 - Hosts: 84.16.244.15 uk.search.yahoo.com
O1 - Hosts: 84.16.244.15 search.yahoo.com
O1 - Hosts: 84.16.244.15 www.google.com.br
O1 - Hosts: 84.16.244.15 www.google.it
O1 - Hosts: 84.16.244.15 www.google.es
O1 - Hosts: 84.16.244.15 www.google.co.jp
O1 - Hosts: 84.16.244.15 www.google.com.mx
O1 - Hosts: 84.16.244.15 www.google.ca
O1 - Hosts: 84.16.244.15 www.google.com.au
O1 - Hosts: 84.16.244.15 www.google.nl
O1 - Hosts: 84.16.244.15 www.google.co.za
O1 - Hosts: 84.16.244.15 www.google.be
O1 - Hosts: 84.16.244.15 www.google.gr
O1 - Hosts: 84.16.244.15 www.google.at
O1 - Hosts: 84.16.244.15 www.google.se
O1 - Hosts: 84.16.244.15 www.google.ch
O1 - Hosts: 84.16.244.15 www.google.pt
O1 - Hosts: 84.16.244.15 www.google.dk
O1 - Hosts: 84.16.244.15 www.google.fi
O1 - Hosts: 84.16.244.15 www.google.ie
O1 - Hosts: 84.16.244.15 www.google.no
O1 - Hosts: 84.16.244.15 www.google.de
O1 - Hosts: 84.16.244.15 www.google.fr
O1 - Hosts: 3 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} https://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} https://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} https://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} https://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/07/03 06:03:29 | 008,460,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/07/03 06:03:29 | 008,460,800 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (71508254835867648)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/11 11:52:06 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/11 11:39:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/11 11:39:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/10 23:17:22 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uotzqyte.sys
[2010/07/09 23:10:50 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cxqtaavb.sys
[2010/07/09 17:52:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/07/09 17:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2010/07/09 17:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2010/07/09 17:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/07/09 17:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2010/07/09 17:44:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/07/09 17:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/07/09 17:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/07/07 15:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 13:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/07/01 17:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/01 17:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/01 17:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/01 16:58:49 | 000,390,656 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Owner\Desktop\STOPzilla_Setup.exe
[2010/07/01 16:43:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/07/01 15:53:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/07/01 13:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/30 23:14:03 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\quhijjwk.sys
[2010/06/30 00:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/06/30 00:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/06/29 23:16:10 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dlzufxgb.sys
[2010/06/29 09:35:46 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ctgapenb.sys
[2010/06/27 23:48:32 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cinjmwma.sys
[2010/06/26 23:30:23 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vytqohjf.sys
[2010/06/26 09:43:47 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\orhntmbd.sys
[2010/06/25 12:38:29 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dedstcsr.sys
[2010/06/24 14:11:52 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gkoceznv.sys
[2010/06/23 15:53:48 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fpgjtcvm.sys
[2010/06/23 11:47:01 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qjmfdqhm.sys
[2010/06/22 11:16:54 | 001,990,728 | ---- | C] (Facebook, Inc.) -- C:\Documents and Settings\Owner\Desktop\Install_Facebook_Plug-In_1.0.3.exe
[2010/06/19 20:09:19 | 000,000,000 | ---D | C] -- C:\SWGEmu
[2010/06/19 19:38:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010/06/19 19:13:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/19 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/06/19 17:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2010/06/19 17:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/19 17:15:14 | 009,591,104 | ---- | C] (DT Soft Ltd.) -- C:\DTLite4356-0091.exe
[2010/06/18 15:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2010/06/18 15:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\nikon
[2010/06/15 21:56:02 | 013,004,984 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Documents and Settings\Owner\Desktop\TeamSpeak3-Client-win32-3.0.0-beta22.exe
[2010/06/11 23:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2005/10/12 13:57:08 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[7 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[248 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[218 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/11 11:52:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/11 11:39:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/07/11 11:10:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/11 11:05:15 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/11 11:05:07 | 000,251,181 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/11 11:03:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/11 11:03:16 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/11 11:03:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/11 11:03:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/07/10 23:44:16 | 013,066,240 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/07/10 23:17:22 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uotzqyte.sys
[2010/07/09 23:10:50 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cxqtaavb.sys
[2010/07/09 18:22:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/07/09 18:17:32 | 000,005,079 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/07/09 18:00:01 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/09 17:57:20 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/09 17:52:50 | 000,000,794 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/09 13:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/04 20:48:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 22:16:45 | 000,043,077 | ---- | M] () -- C:\tzH0aB1278049233.jpg
[2010/07/01 22:15:20 | 000,012,530 | ---- | M] () -- C:\18079_105567949460574_100000221079148_144600_901469_n.jpg
[2010/07/01 18:16:41 | 000,003,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/07/01 17:57:35 | 000,000,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/07/01 17:15:21 | 000,675,840 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/01 17:01:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/01 16:58:46 | 000,390,656 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Owner\Desktop\STOPzilla_Setup.exe
[2010/07/01 16:43:51 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/07/01 16:21:50 | 004,275,706 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/01 15:15:16 | 034,595,056 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\spyware-doctor.exe
[2010/06/30 23:14:03 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\quhijjwk.sys
[2010/06/30 22:30:11 | 000,905,616 | ---- | M] () -- C:\Funny Voice.mp3
[2010/06/29 23:16:10 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dlzufxgb.sys
[2010/06/29 09:35:46 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ctgapenb.sys
[2010/06/28 15:13:30 | 000,050,851 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\men ashh.jpg
[2010/06/27 23:48:32 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cinjmwma.sys
[2010/06/26 23:30:23 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vytqohjf.sys
[2010/06/26 09:43:47 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\orhntmbd.sys
[2010/06/25 12:38:29 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dedstcsr.sys
[2010/06/24 15:44:44 | 000,034,692 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/06/24 15:44:44 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2010 workout.wps
[2010/06/24 14:11:52 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gkoceznv.sys
[2010/06/23 15:53:48 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fpgjtcvm.sys
[2010/06/23 11:47:01 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qjmfdqhm.sys
[2010/06/22 11:16:50 | 001,990,728 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\Owner\Desktop\Install_Facebook_Plug-In_1.0.3.exe
[2010/06/21 19:02:20 | 000,000,994 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2010/06/21 15:40:32 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/06/19 19:38:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/19 17:17:11 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/06/19 17:17:11 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/06/19 17:15:45 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\DTLite4356-0091.exe
[2010/06/19 15:17:28 | 003,067,400 | ---- | M] () -- C:\Setup_MagicISO.exe
[2010/06/18 11:11:16 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\laurens resume.wps
[2010/06/17 22:01:34 | 000,000,251 | ---- | M] () -- C:\filezilla.doc
[2010/06/17 11:54:48 | 002,839,304 | ---- | M] () -- C:\Program Files\Springmeier_Wheeler_-_Illuminati_Formula_Mind_Control_Slave.zip
[2010/06/17 11:27:17 | 000,033,577 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Raze is a Hardcore PVP Sith Faction guild that was formed by three people who have been best friends since the sandboxe and have been gaming together for many years.rtf
[2010/06/15 21:57:15 | 013,004,984 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Documents and Settings\Owner\Desktop\TeamSpeak3-Client-win32-3.0.0-beta22.exe
[2010/06/11 18:47:21 | 000,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/06/11 17:01:58 | 000,138,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/11 13:00:57 | 000,472,267 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xlsviewer.zip
[2010/06/11 12:25:14 | 000,034,742 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\me and bri.jpg
[248 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[22 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[218 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/09 19:14:47 | 000,010,122 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid3760.log
[2010/07/09 18:17:32 | 000,005,079 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/07/09 18:00:05 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/09 17:57:24 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/09 09:37:54 | 000,010,300 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid1444.log
[2010/07/01 22:16:50 | 000,043,077 | ---- | C] () -- C:\tzH0aB1278049233.jpg
[2010/07/01 22:15:19 | 000,012,530 | ---- | C] () -- C:\18079_105567949460574_100000221079148_144600_901469_n.jpg
[2010/07/01 17:25:13 | 000,000,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/07/01 17:24:48 | 000,003,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/07/01 17:15:21 | 000,675,840 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/01 16:29:38 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/30 22:30:23 | 000,905,616 | ---- | C] () -- C:\Funny Voice.mp3
[2010/06/28 15:13:28 | 000,050,851 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\men ashh.jpg
[2010/06/27 20:19:14 | 000,010,660 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid1784.log
[2010/06/21 15:40:32 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/06/20 21:31:51 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2010 workout.wps
[2010/06/19 21:10:50 | 000,010,978 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid3196.log
[2010/06/19 17:17:11 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/06/19 15:17:18 | 003,067,400 | ---- | C] () -- C:\Setup_MagicISO.exe
[2010/06/17 21:50:26 | 000,000,251 | ---- | C] () -- C:\filezilla.doc
[2010/06/17 11:54:50 | 002,839,304 | ---- | C] () -- C:\Program Files\Springmeier_Wheeler_-_Illuminati_Formula_Mind_Control_Slave.zip
[2010/06/17 11:27:16 | 000,033,577 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Raze is a Hardcore PVP Sith Faction guild that was formed by three people who have been best friends since the sandboxe and have been gaming together for many years.rtf
[2010/06/11 13:01:00 | 000,472,267 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xlsviewer.zip
[2010/06/11 12:25:10 | 000,034,742 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\me and bri.jpg
[2010/05/27 17:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/18 01:03:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/28 19:32:22 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/03 20:45:06 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/09/24 11:43:25 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/09/24 11:43:25 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/06/30 14:29:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/04/27 20:36:23 | 000,000,088 | ---- | C] () -- C:\WINDOWS\DETEST32.INI
[2008/12/06 10:40:48 | 000,000,538 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/05/17 03:01:35 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/13 18:47:51 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/09/13 20:10:02 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/07/30 19:55:28 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2007/07/30 19:53:23 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/25 21:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/29 11:38:16 | 000,000,283 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/04/29 11:35:33 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll
[2007/04/29 11:35:33 | 000,000,028 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI
[2006/12/15 17:32:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/30 20:38:46 | 000,000,068 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2006/06/04 19:54:22 | 000,364,544 | ---- | C] () -- C:\WINDOWS\js32.dll
[2006/06/02 08:43:35 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\js32.dll
[2006/05/07 22:14:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2005/10/12 13:57:09 | 000,748,167 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2005/10/12 13:57:09 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[2005/10/12 13:57:09 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2005/10/12 13:57:09 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2005/10/12 13:57:09 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\Crxlat32.dll
[2005/10/12 13:57:09 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[2005/10/12 13:57:00 | 000,000,167 | ---- | C] () -- C:\WINDOWS\teensmrt.ini
[2005/09/06 16:54:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/07/17 06:56:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2005/06/01 10:02:10 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/06/01 10:02:10 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/06/01 10:02:10 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/05/10 21:10:27 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2005/04/10 12:33:10 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/09 19:59:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/02/24 07:32:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/02/24 07:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/01/28 02:15:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/01/28 02:09:49 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/01/28 02:09:49 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/08/27 03:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 09:12:43 | 000,001,314 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 09:12:43 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[1997/09/12 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/12 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/04/20 20:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/08/25 12:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/06/19 17:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/07/01 13:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2008/06/15 17:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2005/04/20 22:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/09/24 11:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/01 17:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/09 17:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/09 16:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/12 18:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tiger Install
[2010/07/09 17:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/16 23:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/03 17:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/14 14:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/12/15 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2009/04/05 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2008/03/07 17:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2009/01/26 21:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CasinoOnNet
[2007/07/09 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Costco Photo Viewer US
[2008/03/01 14:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2010/06/19 17:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009/03/26 18:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2006/12/17 16:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DMCache
[2008/05/22 21:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dreamlords
[2006/08/08 15:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EBookSys
[2007/07/10 12:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Electronic Arts
[2010/07/09 17:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2010/06/17 22:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2009/11/29 15:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2006/12/17 18:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IDM
[2006/05/06 18:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kensington
[2007/04/29 15:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/07/13 20:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LPECommon
[2006/07/22 21:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2008/06/15 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2006/12/25 11:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OLYMPUS
[2007/08/23 21:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orbit
[2009/09/24 11:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2005/01/28 02:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/09/24 11:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2009/07/22 22:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2009/09/27 12:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StreamTorrent
[2010/07/09 17:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2005/04/11 15:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2007/09/11 18:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turbine
[2010/07/09 17:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/07/09 16:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2007/05/08 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2007/07/12 17:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/10/11 17:26:22 | 000,023,184 | ---- | M] () -- C:\1037484_356x237.jpg
[2010/07/01 22:15:20 | 000,012,530 | ---- | M] () -- C:\18079_105567949460574_100000221079148_144600_901469_n.jpg
[2008/11/26 10:34:36 | 000,009,853 | ---- | M] () -- C:\500x100_original.jpg
[2009/03/29 09:16:19 | 000,012,764 | ---- | M] () -- C:\aaw7boot.log
[2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/11/15 16:00:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/04/21 19:54:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2008/10/12 16:10:08 | 000,002,806 | ---- | M] () -- C:\brand.gif
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/04/06 19:51:09 | 000,018,783 | ---- | M] () -- C:\ComboFix.txt
[2010/06/29 20:25:19 | 000,000,759 | ---- | M] () -- C:\comp.txt
[2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/04/11 23:56:10 | 004,095,282 | ---- | M] () -- C:\DSCN0431.jpg
[2010/06/19 17:15:45 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\DTLite4356-0091.exe
[2010/06/17 22:01:34 | 000,000,251 | ---- | M] () -- C:\filezilla.doc
[2010/06/30 22:30:11 | 000,905,616 | ---- | M] () -- C:\Funny Voice.mp3
[2010/06/19 23:33:26 | 000,000,040 | ---- | M] () -- C:\gameservers.txt
[2010/07/11 11:03:16 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/09 18:22:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/07/09 18:23:21 | 000,007,456 | ---- | M] () -- C:\hijackthis.log
[2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/06 20:36:50 | 000,003,103 | -H-- | M] () -- C:\IPH.PH
[2006/10/31 16:23:41 | 036,808,256 | ---- | M] (Apple Computer, Inc.) -- C:\iTunesSetup.exe
[2010/07/11 11:39:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/07/01 16:43:51 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/03/24 20:25:18 | 000,000,250 | ---- | M] () -- C:\New Text Document (2).txt
[2008/04/27 20:18:36 | 000,000,056 | ---- | M] () -- C:\New Text Document (3).txt
[2008/10/28 15:52:12 | 000,000,024 | ---- | M] () -- C:\New Text Document (4).txt
[2009/06/03 19:13:13 | 000,000,026 | ---- | M] () -- C:\New Text Document (5).txt
[2009/06/10 12:52:45 | 000,000,043 | ---- | M] () -- C:\New Text Document (6).txt
[2009/06/24 16:28:00 | 000,000,032 | ---- | M] () -- C:\New Text Document (7).txt
[2008/03/20 10:34:13 | 000,000,029 | ---- | M] () -- C:\New Text Document.txt
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/05 14:08:40 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/07/11 11:03:09 | 2145,894,400 | -HS- | M] () -- C:\pagefile.sys
[2007/12/26 15:08:24 | 002,104,101 | ---- | M] () -- C:\patch_d2_backup.mpq
[2008/12/13 20:26:53 | 017,389,993 | ---- | M] () -- C:\Penetration - Ingo Swann.rar
[2010/06/19 15:17:28 | 003,067,400 | ---- | M] () -- C:\Setup_MagicISO.exe
[2009/04/05 15:31:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/05 21:52:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/06 19:49:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/06/28 00:29:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/06/28 13:02:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/03/17 00:41:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/04/06 08:41:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2007/06/27 19:17:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2007/06/29 01:36:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2007/06/30 10:09:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2007/06/30 18:04:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2007/06/30 19:12:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2007/06/30 21:34:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2007/07/01 16:29:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/03/15 09:58:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/03/15 21:58:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/03/16 12:11:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/03/16 15:25:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/31 15:12:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/31 15:12:45 | 000,000,208 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/31 15:12:45 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/05 15:31:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/05 21:52:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/06 19:49:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/06/28 00:29:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/06/28 13:02:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/03/17 00:41:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/04/06 08:41:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2007/06/27 19:17:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2007/06/29 01:36:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2007/06/30 10:09:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2007/06/30 18:04:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2007/06/30 19:12:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2007/06/30 21:34:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2007/07/01 16:29:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/03/15 09:58:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/03/15 21:58:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/03/16 12:11:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/16 15:25:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/31 15:12:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005/09/15 10:54:11 | 000,696,320 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2010/07/01 17:15:21 | 000,675,840 | -H-- | M] () -- C:\SZKGFS.dat
[2009/01/11 20:20:34 | 000,046,928 | ---- | M] () -- C:\Target_01_Templates.pdf
[2009/01/11 20:20:47 | 000,049,762 | ---- | M] () -- C:\Target_02_Templates.pdf
[2008/07/20 20:21:22 | 000,002,294 | ---- | M] () -- C:\test.prx
[2010/07/01 22:16:45 | 000,043,077 | ---- | M] () -- C:\tzH0aB1278049233.jpg
[2007/07/12 16:51:15 | 000,003,717 | ---- | M] () -- C:\VundoFix.txt
[2006/10/29 22:34:51 | 000,855,856 | ---- | M] (Microsoft Corporation) -- C:\WGAPluginInstall.exe
[2010/01/20 22:35:50 | 000,000,036 | ---- | M] () -- C:\wow.txt
[2009/03/29 15:51:11 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[248 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/26 03:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 03:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 03:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/27 23:48:32 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cinjmwma.sys
[2010/06/29 09:35:46 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ctgapenb.sys
[2010/07/09 23:10:50 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cxqtaavb.sys
[2010/06/25 12:38:29 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dedstcsr.sys
[2010/06/29 23:16:10 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dlzufxgb.sys
[2010/06/23 15:53:48 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fpgjtcvm.sys
[2010/06/24 14:11:52 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gkoceznv.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/06/26 09:43:47 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\orhntmbd.sys
[2010/06/11 17:01:58 | 000,138,384 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2010/06/23 11:47:01 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\qjmfdqhm.sys
[2010/06/30 23:14:03 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\quhijjwk.sys
[2010/06/19 17:17:11 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
[2010/07/10 23:17:22 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uotzqyte.sys
[2010/04/16 08:33:36 | 000,041,472 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2010/06/26 23:30:23 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vytqohjf.sys

========== Files - Unicode (All) ==========
[2007/01/24 22:34:57 | 000,001,375 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve.htm) -- C:\Documents and Settings\Owner\My Documents\fasa_com**Helping you receive the Financial Aid YOU deserve.htm
[2007/01/24 22:34:57 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve_files) -- C:\Documents and Settings\Owner\My Documents\fasa_com**Helping you receive the Financial Aid YOU deserve_files
[2007/01/24 22:34:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve_files) -- C:\Documents and Settings\Owner\My Documents\fasa_com**Helping you receive the Financial Aid YOU deserve_files
[2007/01/24 22:34:55 | 000,001,375 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve.htm) -- C:\Documents and Settings\Owner\My Documents\fasa_com**Helping you receive the Financial Aid YOU deserve.htm

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FB6501C
< End of report >
ATTOJ1 is offline  
Sponsored Links
Advertisement
 
Old 07-11-2010, 03:47 PM   #4
Registered Member
 
Join Date: Apr 2009
Posts: 26
OS: XP



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4303

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

07/11/2010 11:51:26 AM
mbam-log-2010-07-11 (11-51-26).txt

Scan type: Quick scan
Objects scanned: 152290
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ATTOJ1 is offline  
Old 07-11-2010, 07:24 PM   #5
Registered Member
 
Join Date: Apr 2009
Posts: 26
OS: XP



OTL Extras logfile created on: 07/11/2010 11:53:24 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 2047 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 36.00 Gb Free Space | 24.78% Space Free | Partition Type: NTFS
Drive D: | 3.75 Gb Total Space | 1.68 Gb Free Space | 44.86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-7648F3E7A0
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Mon
ATTOJ1 is offline  
Old 07-12-2010, 04:38 PM   #6
Security Team
Analyst
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,383
OS: Windows 7 Ultimate 64bit



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    :Commands
    [RESETHOSTS]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



=======================================
  • Double-Click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
/md5start
uotzqyte.sys
cxqtaavb.sys
quhijjwk.sys
dlzufxgb.sys
ctgapenb.sys
cinjmwma.sys
vytqohjf.sys
orhntmbd.sys
dedstcsr.sys
gkoceznv.sys
fpgjtcvm.sys
qjmfdqhm.sys
/md5stop

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
sjpritch25 is offline  
Old 07-12-2010, 05:47 PM   #7
Registered Member
 
Join Date: Apr 2009
Posts: 26
OS: XP



I couldn't find the extras file, I even did a search for it and all that came up was the one from last time.


OTL logfile created on: 07/12/2010 5:32:18 PM - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 2047 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 36.49 Gb Free Space | 25.11% Space Free | Partition Type: NTFS
Drive D: | 3.75 Gb Total Space | 1.68 Gb Free Space | 44.86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-7648F3E7A0
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/11 11:52:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/30 14:44:52 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/05 17:19:46 | 000,065,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/03/05 19:41:02 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2007/11/27 22:56:32 | 000,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/06/21 13:21:52 | 001,277,952 | ---- | M] (Access Remote PC (www.access-remote-pc.com)) -- C:\Program Files\Access Remote PC 4\rpcsetup.exe
PRC - [2004/11/15 16:04:32 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
PRC - [2004/08/05 18:23:08 | 000,382,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe


========== Modules (SafeList) ==========

MOD - [2010/07/11 11:52:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 12:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/27 22:56:32 | 000,755,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/06/21 13:21:52 | 001,277,952 | ---- | M] (Access Remote PC (www.access-remote-pc.com)) [Auto | Running] -- C:\Program Files\Access Remote PC 4\rpcsetup.exe -- (RpcSvr4x)
SRV - [2005/01/28 02:07:47 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XTrapD12.sys -- (XTrapD12)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\{523999BE-F1DD-468D-ADAC-6E585B4B4B00}\MpKsl9b2d8487.sys -- (MpKsl9b2d8487)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\{95E113F0-FADD-4241-AB55-77A7E5A8AD62}\MpKsl60e8f4a4.sys -- (MpKsl60e8f4a4)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys -- (KMW_KBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTRD.sys -- (Ad-Watch Registry Filter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTPD.sys -- (Ad-Watch Real-Time Scanner)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/06/19 17:17:11 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/11 17:01:58 | 000,138,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/02/11 05:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/06/07 16:29:18 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 16:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 16:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 300(UVC)
DRV - [2009/04/30 16:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 16:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/05/15 16:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2007/11/27 22:56:30 | 000,116,416 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\msfwhlpr.sys -- (MSFWHLPR)
DRV - [2007/11/27 22:56:28 | 000,091,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\msfwdrv.sys -- (MSFWDrv)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/06/27 17:42:14 | 003,972,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/11 01:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/11/15 18:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/08/04 12:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 12:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 12:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/04 06:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 06:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/17 15:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 15:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/12/01 17:53:06 | 000,009,984 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [1999/09/20 0100 | 000,218,944 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EMU10K1.SYS -- (EMU10K1)
DRV - [1999/06/16 01:00:00 | 000,160,832 | ---- | M] (Creative Technology Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CTSYN.SYS -- (CTSYN)
DRV - [1999/02/09 01:00:00 | 000,027,264 | ---- | M] (Creative Technology Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SFMAN.SYS -- (SFMAN)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19
FF - prefs.js..keyword.URL: "https://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/30 21:29:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/08 22:29:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 14:32:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/11 19:36:09 | 000,000,000 | ---D | M]

[2009/05/22 19:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/04/07 16:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/22 19:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/07/12 16:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\extensions
[2010/07/11 13:17:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/28 19:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\extensions\[email protected]
[2009/05/06 20:36:37 | 000,002,038 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\searchplugins\AIM Search.xml
[2009/04/20 20:42:31 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\searchplugins\aim-search.xml
[2010/01/18 18:29:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/30 14:44:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/03/30 14:44:52 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/30 14:44:52 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/07/28 08:32:54 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/03/30 21:28:34 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2006/08/07 11:32:12 | 001,376,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/03/30 14:44:55 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/04/27 13:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2005/08/09 11:42:53 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/03/26 11:56:22 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/03/26 11:56:22 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/03/26 11:56:22 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/03/26 11:56:22 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/03/26 11:56:22 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/03/26 11:56:22 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/03/26 11:56:22 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/12 17:24:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} https://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} https://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} https://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} https://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/07/03 06:03:29 | 008,460,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/07/03 06:03:29 | 008,460,800 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (71508254835867648)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/12 17:23:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/11 23:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\stardevelop.com
[2010/07/11 23:16:41 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bfakztjr.sys
[2010/07/11 23:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\stardevelop.com
[2010/07/11 18:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Stardevelop Pty Ltd
[2010/07/11 18:40:18 | 009,663,824 | ---- | C] (DevAge, Vestris Inc. & Contributors) -- C:\Setup.exe
[2010/07/11 13:17:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/07/11 13:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/07/11 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2010/07/11 13:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/07/11 12:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/07/11 12:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/07/11 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/07/11 12:29:29 | 001,940,640 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Owner\Desktop\RegCureSetup_CB.exe
[2010/07/11 11:52:06 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/11 11:39:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/11 11:39:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/10 23:17:22 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uotzqyte.sys
[2010/07/09 23:10:50 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cxqtaavb.sys
[2010/07/09 17:52:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/07/07 15:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 13:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/07/01 17:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/01 17:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/01 17:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/01 16:58:49 | 000,390,656 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Owner\Desktop\STOPzilla_Setup.exe
[2010/07/01 16:43:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/07/01 15:53:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/07/01 13:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/30 23:14:03 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\quhijjwk.sys
[2010/06/30 00:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/06/30 00:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/06/29 23:16:10 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dlzufxgb.sys
[2010/06/29 09:35:46 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ctgapenb.sys
[2010/06/27 23:48:32 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cinjmwma.sys
[2010/06/26 23:30:23 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vytqohjf.sys
[2010/06/26 09:43:47 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\orhntmbd.sys
[2010/06/25 12:38:29 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dedstcsr.sys
[2010/06/24 14:11:52 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gkoceznv.sys
[2010/06/23 15:53:48 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fpgjtcvm.sys
[2010/06/23 11:47:01 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qjmfdqhm.sys
[2010/06/22 11:16:54 | 001,990,728 | ---- | C] (Facebook, Inc.) -- C:\Documents and Settings\Owner\Desktop\Install_Facebook_Plug-In_1.0.3.exe
[2010/06/19 20:09:19 | 000,000,000 | ---D | C] -- C:\SWGEmu
[2010/06/19 19:38:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010/06/19 19:13:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/19 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/06/19 17:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2010/06/19 17:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/19 17:15:14 | 009,591,104 | ---- | C] (DT Soft Ltd.) -- C:\DTLite4356-0091.exe
[2010/06/18 15:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2010/06/18 15:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\nikon
[2010/06/15 21:56:02 | 013,004,984 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Documents and Settings\Owner\Desktop\TeamSpeak3-Client-win32-3.0.0-beta22.exe
[2005/10/12 13:57:08 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[7 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/12 17:29:52 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/12 17:27:54 | 000,251,181 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/12 17:27:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/12 17:27:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/12 17:27:25 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/12 17:27:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/12 17:27:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/07/12 17:26:26 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/07/12 17:24:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/11 23:16:41 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bfakztjr.sys
[2010/07/11 2346 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Live Help Messenger.lnk
[2010/07/11 23:02:57 | 009,663,824 | ---- | M] (DevAge, Vestris Inc. & Contributors) -- C:\Setup.exe
[2010/07/11 19:03:27 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitled.bmp
[2010/07/11 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/11 16:35:01 | 000,174,037 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\meandbriiii222.jpg
[2010/07/11 12:48:46 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/11 12:29:36 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/07/11 12:29:27 | 001,940,640 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Owner\Desktop\RegCureSetup_CB.exe
[2010/07/11 11:52:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/11 11:39:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/07/10 23:17:22 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uotzqyte.sys
[2010/07/09 23:10:50 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cxqtaavb.sys
[2010/07/09 18:22:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/07/09 18:17:32 | 000,005,079 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/07/09 18:00:01 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/09 17:57:20 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/09 13:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/04 20:48:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 22:16:45 | 000,043,077 | ---- | M] () -- C:\tzH0aB1278049233.jpg
[2010/07/01 22:15:20 | 000,012,530 | ---- | M] () -- C:\18079_105567949460574_100000221079148_144600_901469_n.jpg
[2010/07/01 18:16:41 | 000,003,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/07/01 17:57:35 | 000,000,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/07/01 17:15:21 | 000,675,840 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/01 17:01:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/01 16:58:46 | 000,390,656 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Owner\Desktop\STOPzilla_Setup.exe
[2010/07/01 16:43:51 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/07/01 16:21:50 | 004,275,706 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/01 15:15:16 | 034,595,056 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\spyware-doctor.exe
[2010/06/30 23:14:03 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\quhijjwk.sys
[2010/06/30 22:30:11 | 000,905,616 | ---- | M] () -- C:\Funny Voice.mp3
[2010/06/29 23:16:10 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dlzufxgb.sys
[2010/06/29 09:35:46 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ctgapenb.sys
[2010/06/28 15:13:30 | 000,050,851 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\men ashh.jpg
[2010/06/27 23:48:32 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cinjmwma.sys
[2010/06/26 23:30:23 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vytqohjf.sys
[2010/06/26 09:43:47 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\orhntmbd.sys
[2010/06/25 12:38:29 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dedstcsr.sys
[2010/06/24 15:44:44 | 000,034,692 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/06/24 15:44:44 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2010 workout.wps
[2010/06/24 14:11:52 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gkoceznv.sys
[2010/06/23 15:53:48 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fpgjtcvm.sys
[2010/06/23 11:47:01 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qjmfdqhm.sys
[2010/06/22 11:16:50 | 001,990,728 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\Owner\Desktop\Install_Facebook_Plug-In_1.0.3.exe
[2010/06/21 19:02:20 | 000,000,994 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2010/06/21 15:40:32 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/06/19 19:38:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/19 17:17:11 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/06/19 17:17:11 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/06/19 17:15:45 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\DTLite4356-0091.exe
[2010/06/19 15:17:28 | 003,067,400 | ---- | M] () -- C:\Setup_MagicISO.exe
[2010/06/18 11:11:16 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\laurens resume.wps
[2010/06/17 22:01:34 | 000,000,251 | ---- | M] () -- C:\filezilla.doc
[2010/06/17 11:54:48 | 002,839,304 | ---- | M] () -- C:\Program Files\Springmeier_Wheeler_-_Illuminati_Formula_Mind_Control_Slave.zip
[2010/06/17 11:27:17 | 000,033,577 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Raze is a Hardcore PVP Sith Faction guild that was formed by three people who have been best friends since the sandboxe and have been gaming together for many years.rtf
[2010/06/15 21:57:15 | 013,004,984 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Documents and Settings\Owner\Desktop\TeamSpeak3-Client-win32-3.0.0-beta22.exe

========== Files Created - No Company Name ==========

[2010/07/11 23:21:07 | 000,549,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/11 23:05:04 | 000,002,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Live Help Messenger.lnk
[2010/07/11 19:03:26 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitled.bmp
[2010/07/11 16:35:01 | 000,174,037 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\meandbriiii222.jpg
[2010/07/11 12:29:39 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/11 12:29:39 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/11 12:29:36 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/07/09 19:14:47 | 000,010,122 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid3760.log
[2010/07/09 18:17:32 | 000,005,079 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/07/09 18:00:05 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/09 17:57:24 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/09 09:37:54 | 000,010,300 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid1444.log
[2010/07/01 22:16:50 | 000,043,077 | ---- | C] () -- C:\tzH0aB1278049233.jpg
[2010/07/01 22:15:19 | 000,012,530 | ---- | C] () -- C:\18079_105567949460574_100000221079148_144600_901469_n.jpg
[2010/07/01 17:25:13 | 000,000,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/07/01 17:24:48 | 000,003,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/07/01 17:15:21 | 000,675,840 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/01 16:29:38 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/30 22:30:23 | 000,905,616 | ---- | C] () -- C:\Funny Voice.mp3
[2010/06/28 15:13:28 | 000,050,851 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\men ashh.jpg
[2010/06/27 20:19:14 | 000,010,660 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid1784.log
[2010/06/21 15:40:32 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/06/20 21:31:51 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2010 workout.wps
[2010/06/19 21:10:50 | 000,010,978 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid3196.log
[2010/06/19 17:17:11 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/06/19 15:17:18 | 003,067,400 | ---- | C] () -- C:\Setup_MagicISO.exe
[2010/06/17 21:50:26 | 000,000,251 | ---- | C] () -- C:\filezilla.doc
[2010/06/17 11:54:50 | 002,839,304 | ---- | C] () -- C:\Program Files\Springmeier_Wheeler_-_Illuminati_Formula_Mind_Control_Slave.zip
[2010/06/17 11:27:16 | 000,033,577 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Raze is a Hardcore PVP Sith Faction guild that was formed by three people who have been best friends since the sandboxe and have been gaming together for many years.rtf
[2010/05/27 17:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/18 01:03:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/28 19:32:22 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/03 20:45:06 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/09/24 11:43:25 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/09/24 11:43:25 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/06/30 14:29:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/04/27 20:36:23 | 000,000,088 | ---- | C] () -- C:\WINDOWS\DETEST32.INI
[2008/12/06 10:40:48 | 000,000,538 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/05/17 03:01:35 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/13 18:47:51 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/09/13 20:10:02 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/07/30 19:55:28 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2007/07/30 19:53:23 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/25 21:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/29 11:38:16 | 000,000,283 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/04/29 11:35:33 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll
[2007/04/29 11:35:33 | 000,000,028 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI
[2006/12/15 17:32:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/30 20:38:46 | 000,000,068 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2006/06/04 19:54:22 | 000,364,544 | ---- | C] () -- C:\WINDOWS\js32.dll
[2006/06/02 08:43:35 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\js32.dll
[2006/05/07 22:14:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2005/10/12 13:57:09 | 000,748,167 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2005/10/12 13:57:09 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[2005/10/12 13:57:09 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2005/10/12 13:57:09 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2005/10/12 13:57:09 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\Crxlat32.dll
[2005/10/12 13:57:09 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[2005/10/12 13:57:00 | 000,000,167 | ---- | C] () -- C:\WINDOWS\teensmrt.ini
[2005/09/06 16:54:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/07/17 06:56:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2005/06/01 10:02:10 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/06/01 10:02:10 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/06/01 10:02:10 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/05/10 21:10:27 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2005/04/10 12:33:10 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/09 19:59:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/02/24 07:32:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/02/24 07:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/01/28 02:15:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/01/28 02:09:49 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/01/28 02:09:49 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/08/27 03:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 09:12:43 | 000,001,314 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 09:12:43 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[1997/09/12 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/12 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/04/20 20:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/08/25 12:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/06/19 17:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/07/01 13:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2008/06/15 17:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2005/04/20 22:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/09/24 11:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/11 12:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/07/01 17:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/11 13:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/09 16:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/12 18:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tiger Install
[2010/07/11 13:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/16 23:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/03 17:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/14 14:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/12/15 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2009/04/05 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2008/03/07 17:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2009/01/26 21:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CasinoOnNet
[2007/07/09 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Costco Photo Viewer US
[2008/03/01 14:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2010/06/19 17:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009/03/26 18:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2006/12/17 16:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DMCache
[2008/05/22 21:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dreamlords
[2006/08/08 15:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EBookSys
[2007/07/10 12:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Electronic Arts
[2010/06/17 22:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2009/11/29 15:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2006/12/17 18:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IDM
[2006/05/06 18:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kensington
[2007/04/29 15:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/07/13 20:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LPECommon
[2006/07/22 21:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2008/06/15 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2006/12/25 11:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OLYMPUS
[2007/08/23 21:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orbit
[2009/09/24 11:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2005/01/28 02:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/09/24 11:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2009/07/22 22:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2010/07/11 23:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\stardevelop.com
[2009/09/27 12:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StreamTorrent
[2010/07/11 13:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2005/04/11 15:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2007/09/11 18:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turbine
[2010/07/11 13:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/07/09 16:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2007/05/08 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2007/07/12 17:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2010/07/11 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/07/11 12:48:46 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/10/11 17:26:22 | 000,023,184 | ---- | M] () -- C:\1037484_356x237.jpg
[2010/07/01 22:15:20 | 000,012,530 | ---- | M] () -- C:\18079_105567949460574_100000221079148_144600_901469_n.jpg
[2008/11/26 10:34:36 | 000,009,853 | ---- | M] () -- C:\500x100_original.jpg
[2009/03/29 09:16:19 | 000,012,764 | ---- | M] () -- C:\aaw7boot.log
[2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/11/15 16:00:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2009/04/21 19:54:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2008/10/12 16:10:08 | 000,002,806 | ---- | M] () -- C:\brand.gif
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/04/06 19:51:09 | 000,018,783 | ---- | M] () -- C:\ComboFix.txt
[2010/06/29 20:25:19 | 000,000,759 | ---- | M] () -- C:\comp.txt
[2004/08/26 11:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/04/11 23:56:10 | 004,095,282 | ---- | M] () -- C:\DSCN0431.jpg
[2010/06/19 17:15:45 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\DTLite4356-0091.exe
[2010/06/17 22:01:34 | 000,000,251 | ---- | M] () -- C:\filezilla.doc
[2010/06/30 22:30:11 | 000,905,616 | ---- | M] () -- C:\Funny Voice.mp3
[2010/06/19 23:33:26 | 000,000,040 | ---- | M] () -- C:\gameservers.txt
[2010/07/12 17:27:25 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/09 18:22:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/07/09 18:23:21 | 000,007,456 | ---- | M] () -- C:\hijackthis.log
[2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/06 20:36:50 | 000,003,103 | -H-- | M] () -- C:\IPH.PH
[2006/10/31 16:23:41 | 036,808,256 | ---- | M] (Apple Computer, Inc.) -- C:\iTunesSetup.exe
[2010/07/11 11:39:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/07/01 16:43:51 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2004/08/26 11:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/03/24 20:25:18 | 000,000,250 | ---- | M] () -- C:\New Text Document (2).txt
[2008/04/27 20:18:36 | 000,000,056 | ---- | M] () -- C:\New Text Document (3).txt
[2008/10/28 15:52:12 | 000,000,024 | ---- | M] () -- C:\New Text Document (4).txt
[2009/06/03 19:13:13 | 000,000,026 | ---- | M] () -- C:\New Text Document (5).txt
[2009/06/10 12:52:45 | 000,000,043 | ---- | M] () -- C:\New Text Document (6).txt
[2009/06/24 16:28:00 | 000,000,032 | ---- | M] () -- C:\New Text Document (7).txt
[2008/03/20 10:34:13 | 000,000,029 | ---- | M] () -- C:\New Text Document.txt
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/05 14:08:40 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/07/12 17:27:23 | 2145,894,400 | -HS- | M] () -- C:\pagefile.sys
[2007/12/26 15:08:24 | 002,104,101 | ---- | M] () -- C:\patch_d2_backup.mpq
[2008/12/13 20:26:53 | 017,389,993 | ---- | M] () -- C:\Penetration - Ingo Swann.rar
[2010/07/11 23:02:57 | 009,663,824 | ---- | M] (DevAge, Vestris Inc. & Contributors) -- C:\Setup.exe
[2010/06/19 15:17:28 | 003,067,400 | ---- | M] () -- C:\Setup_MagicISO.exe
[2009/04/05 15:31:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/04/05 21:52:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/06 19:49:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/06/28 00:29:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/06/28 13:02:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/03/17 00:41:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/04/06 08:41:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2007/06/27 19:17:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2007/06/29 01:36:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2007/06/30 10:09:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2007/06/30 18:04:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2007/06/30 19:12:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2007/06/30 21:34:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2007/07/01 16:29:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/03/15 09:58:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/03/15 21:58:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/03/16 12:11:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/03/16 15:25:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/31 15:12:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/31 15:12:45 | 000,000,208 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/31 15:12:45 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/04/05 15:31:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/05 21:52:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/06 19:49:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/06/28 00:29:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/06/28 13:02:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/03/17 00:41:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/04/06 08:41:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2007/06/27 19:17:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2007/06/29 01:36:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2007/06/30 10:09:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2007/06/30 18:04:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2007/06/30 19:12:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2007/06/30 21:34:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2007/07/01 16:29:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/03/15 09:58:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/03/15 21:58:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/03/16 12:11:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/16 15:25:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/31 15:12:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005/09/15 10:54:11 | 000,696,320 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2010/07/01 17:15:21 | 000,675,840 | -H-- | M] () -- C:\SZKGFS.dat
[2009/01/11 20:20:34 | 000,046,928 | ---- | M] () -- C:\Target_01_Templates.pdf
[2009/01/11 20:20:47 | 000,049,762 | ---- | M] () -- C:\Target_02_Templates.pdf
[2008/07/20 20:21:22 | 000,002,294 | ---- | M] () -- C:\test.prx
[2010/07/01 22:16:45 | 000,043,077 | ---- | M] () -- C:\tzH0aB1278049233.jpg
[2007/07/12 16:51:15 | 000,003,717 | ---- | M] () -- C:\VundoFix.txt
[2006/10/29 22:34:51 | 000,855,856 | ---- | M] (Microsoft Corporation) -- C:\WGAPluginInstall.exe
[2010/01/20 22:35:50 | 000,000,036 | ---- | M] () -- C:\wow.txt
[2009/03/29 15:51:11 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/26 03:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 03:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 03:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/11 23:16:41 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bfakztjr.sys
[2010/06/27 23:48:32 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cinjmwma.sys
[2010/06/29 09:35:46 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ctgapenb.sys
[2010/07/09 23:10:50 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cxqtaavb.sys
[2010/06/25 12:38:29 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dedstcsr.sys
[2010/06/29 23:16:10 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dlzufxgb.sys
[2010/06/23 15:53:48 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fpgjtcvm.sys
[2010/06/24 14:11:52 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gkoceznv.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/06/26 09:43:47 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\orhntmbd.sys
[2010/06/11 17:01:58 | 000,138,384 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2010/06/23 11:47:01 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\qjmfdqhm.sys
[2010/06/30 23:14:03 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\quhijjwk.sys
[2010/06/19 17:17:11 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
[2010/07/10 23:17:22 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uotzqyte.sys
[2010/04/16 08:33:36 | 000,041,472 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2010/06/26 23:30:23 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vytqohjf.sys


< MD5 for: CINJMWMA.SYS >
[2010/06/27 23:48:32 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\cinjmwma.sys

< MD5 for: CTGAPENB.SYS >
[2010/06/29 09:35:46 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\ctgapenb.sys

< MD5 for: CXQTAAVB.SYS >
[2010/07/09 23:10:50 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\cxqtaavb.sys

< MD5 for: DEDSTCSR.SYS >
[2010/06/25 12:38:29 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\dedstcsr.sys

< MD5 for: DLZUFXGB.SYS >
[2010/06/29 23:16:10 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\dlzufxgb.sys

< MD5 for: FPGJTCVM.SYS >
[2010/06/23 15:53:48 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\fpgjtcvm.sys

< MD5 for: GKOCEZNV.SYS >
[2010/06/24 14:11:52 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\gkoceznv.sys

< MD5 for: ORHNTMBD.SYS >
[2010/06/26 09:43:47 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\orhntmbd.sys

< MD5 for: QJMFDQHM.SYS >
[2010/06/23 11:47:01 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\qjmfdqhm.sys

< MD5 for: QUHIJJWK.SYS >
[2010/06/30 23:14:03 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\quhijjwk.sys

< MD5 for: UOTZQYTE.SYS >
[2010/07/10 23:17:22 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\uotzqyte.sys

< MD5 for: VYTQOHJF.SYS >
[2010/06/26 23:30:23 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\vytqohjf.sys

========== Files - Unicode (All) ==========
[2007/01/24 22:34:57 | 000,001,375 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve.htm) -- C:\Documents and Settings\Owner\My Documents\fasa_com**Helping you receive the Financial Aid YOU deserve.htm
[2007/01/24 22:34:57 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve_files) -- C:\Documents and Settings\Owner\My Documents\fasa_com**Helping you receive the Financial Aid YOU deserve_files
[2007/01/24 22:34:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve_files) -- C:\Documents and Settings\Owner\My Documents\fasa_com**Helping you receive the Financial Aid YOU deserve_files
[2007/01/24 22:34:55 | 000,001,375 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve.htm) -- C:\Documents and Settings\Owner\My Documents\fasa_com**Helping you receive the Financial Aid YOU deserve.htm

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FB6501C
< End of report >
ATTOJ1 is offline  
Old 07-12-2010, 06:06 PM   #8
Security Team
Analyst
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,383
OS: Windows 7 Ultimate 64bit



I'll have a post for you in a bit. I'm conferring with another expert about those .sys files.
sjpritch25 is offline  
Old 07-12-2010, 06:21 PM   #9
Security Team
Analyst
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,383
OS: Windows 7 Ultimate 64bit



  • Double-Click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Under the Standard Registry box change it to All.
  • Under the Services box change it to all.
  • Under the Drivers box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


%systemdrive%\aic78u2.sys /s /md5
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
sjpritch25 is offline  
Old 07-13-2010, 04:59 PM   #10
Registered Member
 
Join Date: Apr 2009
Posts: 26
OS: XP



OTL logfile created on: 07/13/2010 4:46:46 PM - Run 3
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 2047 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 35.30 Gb Free Space | 24.29% Space Free | Partition Type: NTFS
Drive D: | 3.75 Gb Total Space | 1.68 Gb Free Space | 44.86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-7648F3E7A0
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/11 11:52:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/07/09 12:04:34 | 003,493,776 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/30 14:44:52 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/30 08:50:46 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2009/04/22 22:11:32 | 001,675,776 | ---- | M] (Flagship Industries, Inc.) -- C:\Program Files\Ventrilo\Ventrilo.exe
PRC - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2007/11/27 22:56:32 | 000,755,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/11 11:52:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/07/09 12:04:44 | 000,970,640 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_43094.dll
MOD - [2010/02/27 16:47:52 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 12:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/08/04 12:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2001/08/17 22:36:14 | 000,256,512 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devcon32.dll
MOD - [1999/06/17 01:00:00 | 000,019,456 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\ctsyn32.dll
MOD - [1999/04/29 01:05:00 | 000,018,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\ctmm32.dll


========== Win32 Services (All) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/11 18:47:21 | 000,215,128 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/04/28 1518 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009/11/03 20:52:42 | 000,075,064 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/09/27 19:19:46 | 000,172,100 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2009/06/09 23:32:40 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/04/07 15:56:21 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/19 09:34:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/02/09 03:20:34 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 03:20:34 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/06 10:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 10:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/07/29 21:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2008/07/07 13:32:22 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 10:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/02/19 22:32:43 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2007/11/27 22:56:32 | 000,755,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/07/08 15:16:57 | 000,138,680 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/02/05 13:17:02 | 000,185,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/19 14:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2006/12/19 14:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2006/12/19 14:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2006/12/19 11:16:47 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2006/10/18 21:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/28 18:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2006/05/19 05:59:41 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2006/01/03 20:35:05 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2005/08/22 11:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2005/07/08 09:27:56 | 000,249,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2005/06/21 13:21:52 | 001,277,952 | ---- | M] (Access Remote PC (www.access-remote-pc.com)) [Auto | Stopped] -- C:\Program Files\Access Remote PC 4\rpcsetup.exe -- (RpcSvr4x)
SRV - [2005/06/10 16:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/21 15:00:22 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2005/01/28 02:07:47 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/12/07 12:32:34 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/08/04 12:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2004/08/04 12:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2004/08/04 12:00:00 | 000,359,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2004/08/04 12:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2004/08/04 12:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2004/08/04 12:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2004/08/04 12:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2004/08/04 12:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2004/08/04 12:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2004/08/04 12:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2004/08/04 12:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2004/08/04 12:00:00 | 000,150,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2004/08/04 12:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2004/08/04 12:00:00 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2004/08/04 12:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2004/08/04 12:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2004/08/04 12:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2004/08/04 12:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004/08/04 12:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004/08/04 12:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2004/08/04 12:00:00 | 000,090,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2004/08/04 12:00:00 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2004/08/04 12:00:00 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2004/08/04 12:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2004/08/04 12:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2004/08/04 12:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2004/08/04 12:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2004/08/04 12:00:00 | 000,066,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipxsap.dll -- (NwSapAgent)
SRV - [2004/08/04 12:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2004/08/04 12:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2004/08/04 12:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2004/08/04 12:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2004/08/04 12:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2004/08/04 12:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/08/04 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2004/08/04 12:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2004/08/04 12:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2004/08/04 12:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2004/08/04 12:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2004/08/04 12:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2004/08/04 12:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2004/08/04 12:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2004/08/04 12:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2004/08/04 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\svchost.exe -- (usprserv)
SRV - [2004/08/04 12:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2004/08/04 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2004/08/04 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2004/08/04 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2004/08/04 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2004/08/04 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2004/08/04 12:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2004/08/04 12:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2004/08/04 12:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2004/08/04 12:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2004/08/04 12:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2004/08/04 00:56:44 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XTrapD12.sys -- (XTrapD12)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\{523999BE-F1DD-468D-ADAC-6E585B4B4B00}\MpKsl9b2d8487.sys -- (MpKsl9b2d8487)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\{95E113F0-FADD-4241-AB55-77A7E5A8AD62}\MpKsl60e8f4a4.sys -- (MpKsl60e8f4a4)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys -- (KMW_KBD)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTRD.sys -- (Ad-Watch Registry Filter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTPD.sys -- (Ad-Watch Real-Time Scanner)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/06/19 17:17:11 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/11 17:01:58 | 000,138,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/06/09 16:01:10 | 000,045,648 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2010/04/16 08:33:36 | 000,041,472 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2010/02/24 05:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/02/11 05:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/31 09:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 07:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/09/27 17:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/06/22 04:34:52 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/06/07 16:29:18 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 16:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 16:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 300(UVC)
DRV - [2009/04/30 16:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 16:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/19 09:34:30 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/08/14 02:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 03:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/05/15 16:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2007/12/18 02:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2007/11/27 22:56:30 | 000,116,416 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\msfwhlpr.sys -- (MSFWHLPR)
DRV - [2007/11/27 22:56:28 | 000,091,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\msfwdrv.sys -- (MSFWDrv)
DRV - [2007/11/13 03:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/02/09 04:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2006/10/18 20:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2006/08/21 02:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fltMgr.sys -- (FltMgr)
DRV - [2006/06/27 17:42:14 | 003,972,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/06/14 02:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2006/06/14 01:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2006/06/14 01:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2006/05/05 02:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2006/02/14 17:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2005/10/20 18:47:05 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2005/06/09 21:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2005/05/11 01:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004/11/15 18:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/09/29 15:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 12:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 12:00:00 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/04 12:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2004/08/04 12:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 12:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 12:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 12:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 12:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 12:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 12:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 12:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 12:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 12:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 12:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/04 12:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 12:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 12:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 12:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 12:00:00 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2004/08/04 12:00:00 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2004/08/04 12:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 12:00:00 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 12:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 12:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 12:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 12:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 12:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\p3.sys -- (P3)
DRV - [2004/08/04 12:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 12:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 12:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 12:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 12:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/04 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2004/08/04 12:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/04 12:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 12:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2004/08/04 12:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 12:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 12:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 12:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 12:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 12:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 12:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/04 12:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 12:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 12:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 12:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 12:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/04 12:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 12:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 12:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/04 12:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 12:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 12:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2004/08/04 12:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 12:00:00 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 12:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp)
DRV - [2004/08/04 12:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 12:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/04 12:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2004/08/04 12:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 12:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 12:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 12:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/04 12:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 12:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 12:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 12:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/04 08:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 06:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2004/08/04 06:07:44 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agpCPQ.sys -- (agpCPQ)
DRV - [2004/08/04 06:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 06:07:44 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2004/08/04 06:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 06:07:42 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\alim1541.sys -- (alim1541)
DRV - [2004/08/04 06:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\agp440.sys -- (agp440)
DRV - [2004/08/04 06:01:16 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/08/04 06:00:52 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\i2omp.sys -- (i2omp)
DRV - [2004/08/04 06:00:52 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2004/08/04 05:59:44 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2004/08/04 05:59:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2004/08/04 05:58:42 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 05:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 00:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 00:10:30 | 000,085,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2004/08/04 00:10:22 | 000,019,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2004/08/04 00:10:18 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2004/08/04 00:10:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLIP.sys -- (SLIP)
DRV - [2004/08/04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip)
DRV - [2004/08/04 00:10:14 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP)
DRV - [2004/08/04 00:10:12 | 000,078,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2004/08/04 00:10:10 | 000,061,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2004/08/04 00:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/04 00:08:38 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/04 00:08:38 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2004/08/04 00:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 00:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/03 23:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2004/08/03 23:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/03 23:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/03 23:58:40 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2004/08/03 23:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 23:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/03 22:59:58 | 000,043,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sbp2port.sys -- (sbp2port)
DRV - [2004/08/03 22:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/03 22:58:36 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2004/08/03 22:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/06/17 15:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 15:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 15:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/17 12:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/12/01 17:53:06 | 000,009,984 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMW_USB.sys -- (KMW_USB)
DRV - [2001/08/17 21:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpn.sys -- (hpn)
DRV - [2001/08/17 21:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\perc2hib.sys -- (perc2hib)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\perc2.sys -- (perc2)
DRV - [2001/08/17 21:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys -- (aic78xx)
DRV - [2001/08/17 21:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys -- (aic78u2)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys -- (adpu160m)
DRV - [2001/08/17 20:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2001/08/17 20:52:50 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1240.sys -- (ql1240)
DRV - [2001/08/17 20:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys -- (Ql10wnt)
DRV - [2001/08/17 20:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac960nt.sys -- (dac960nt)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ini910u.sys -- (ini910u)
DRV - [2001/08/17 20:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/17 20:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cbidf2k.sys -- (cbidf)
DRV - [2001/08/17 20:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys -- (Cpqarray)
DRV - [2001/08/17 20:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys -- (cd20xrnt)
DRV - [2001/08/17 20:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3350p.sys -- (asc3350p)
DRV - [2001/08/17 20:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amsint.sys -- (amsint)
DRV - [2001/08/17 20:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aha154x.sys -- (Aha154x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS -- (abp480n5)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\toside.sys -- (TosIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 15:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 14:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/17 14:02:20 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 13:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [1999/09/20 0100 | 000,218,944 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EMU10K1.SYS -- (EMU10K1)
DRV - [1999/06/16 01:00:00 | 000,160,832 | ---- | M] (Creative Technology Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CTSYN.SYS -- (CTSYN)
DRV - [1999/02/09 01:00:00 | 000,027,264 | ---- | M] (Creative Technology Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SFMAN.SYS -- (SFMAN)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19
FF - prefs.js..keyword.URL: "https://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/30 21:29:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/08 22:29:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 14:32:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/11 19:36:09 | 000,000,000 | ---D | M]

[2009/05/22 19:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/04/07 16:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/22 19:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2010/07/13 11:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\extensions
[2010/07/11 13:17:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/28 19:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\extensions\[email protected]
[2009/05/06 20:36:37 | 000,002,038 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\searchplugins\AIM Search.xml
[2009/04/20 20:42:31 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ai471edq.default\searchplugins\aim-search.xml
[2010/01/18 18:29:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/30 14:44:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/03/30 14:44:52 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/30 14:44:52 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/07/28 08:32:54 | 000,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/03/30 21:28:34 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2006/08/07 11:32:12 | 001,376,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/03/30 14:44:55 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/06/03 17:33:30 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/04/27 13:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2005/08/09 11:42:53 | 000,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/03/26 11:56:22 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/03/26 11:56:22 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/03/26 11:56:22 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/03/26 11:56:22 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/03/26 11:56:22 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/03/26 11:56:22 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/03/26 11:56:22 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/12 17:24:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} https://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} https://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} https://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} https://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/07/03 06:03:29 | 008,460,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/07/03 06:03:29 | 008,460,800 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
ATTOJ1 is offline  
Old 07-13-2010, 05:02 PM   #11
Registered Member
 
Join Date: Apr 2009
Posts: 26
OS: XP



O1 HOSTS File: ([2010/07/12 17:24:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} https://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} https://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} https://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} https://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f63278d-8557-11d9-be24-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/07/03 06:03:29 | 008,460,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1ec6b61-710a-11d9-b301-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/07/03 06:03:29 | 008,460,800 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/13 11:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/07/12 23:16:12 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nofalixi.sys
[2010/07/12 17:23:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/11 23:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\stardevelop.com
[2010/07/11 23:16:41 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bfakztjr.sys
[2010/07/11 23:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\stardevelop.com
[2010/07/11 18:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Stardevelop Pty Ltd
[2010/07/11 18:40:18 | 009,663,824 | ---- | C] (DevAge, Vestris Inc. & Contributors) -- C:\Setup.exe
[2010/07/11 13:17:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/07/11 13:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/07/11 13:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2010/07/11 13:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/07/11 12:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/07/11 12:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/07/11 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/07/11 12:29:29 | 001,940,640 | ---- | C] (ParetoLogic Inc.) -- C:\Documents and Settings\Owner\Desktop\RegCureSetup_CB.exe
[2010/07/11 11:52:06 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/11 11:39:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/11 11:39:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/10 23:17:22 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uotzqyte.sys
[2010/07/09 23:10:50 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cxqtaavb.sys
[2010/07/09 17:52:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/07/07 15:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 13:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/07/01 17:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/01 17:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/01 17:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/01 16:58:49 | 000,390,656 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Owner\Desktop\STOPzilla_Setup.exe
[2010/07/01 16:43:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/07/01 15:53:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/07/01 13:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/30 23:14:03 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\quhijjwk.sys
[2010/06/30 00:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/06/30 00:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/06/29 23:16:10 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dlzufxgb.sys
[2010/06/29 09:35:46 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ctgapenb.sys
[2010/06/27 23:48:32 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cinjmwma.sys
[2010/06/26 23:30:23 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vytqohjf.sys
[2010/06/26 09:43:47 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\orhntmbd.sys
[2010/06/25 12:38:29 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dedstcsr.sys
[2010/06/24 14:11:52 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gkoceznv.sys
[2010/06/23 15:53:48 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fpgjtcvm.sys
[2010/06/23 11:47:01 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qjmfdqhm.sys
[2010/06/22 11:16:54 | 001,990,728 | ---- | C] (Facebook, Inc.) -- C:\Documents and Settings\Owner\Desktop\Install_Facebook_Plug-In_1.0.3.exe
[2010/06/19 20:09:19 | 000,000,000 | ---D | C] -- C:\SWGEmu
[2010/06/19 19:38:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010/06/19 19:13:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/19 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/06/19 17:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2010/06/19 17:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/19 17:15:14 | 009,591,104 | ---- | C] (DT Soft Ltd.) -- C:\DTLite4356-0091.exe
[2010/06/18 15:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2010/06/18 15:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\nikon
[2010/06/15 21:56:02 | 013,004,984 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Documents and Settings\Owner\Desktop\TeamSpeak3-Client-win32-3.0.0-beta22.exe
[2005/10/12 13:57:08 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[7 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/13 15:38:44 | 000,081,192 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\meandkelllyyy.jpg
[2010/07/13 15:29:01 | 000,034,692 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/13 11:13:51 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk
[2010/07/13 11:13:29 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/07/13 11:12:55 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/07/13 10:04:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/13 10:00:16 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/13 09:58:42 | 000,251,181 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/13 09:58:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/13 09:58:18 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/13 09:58:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/13 09:58:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/07/13 00:07:04 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/07/12 23:16:12 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nofalixi.sys
[2010/07/12 22:34:40 | 000,000,291 | ---- | M] () -- C:\filezilla.doc
[2010/07/12 17:24:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/11 23:16:41 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bfakztjr.sys
[2010/07/11 2346 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Live Help Messenger.lnk
[2010/07/11 23:02:57 | 009,663,824 | ---- | M] (DevAge, Vestris Inc. & Contributors) -- C:\Setup.exe
[2010/07/11 19:03:27 | 003,932,214 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitled.bmp
[2010/07/11 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/11 16:35:01 | 000,174,037 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\meandbriiii222.jpg
[2010/07/11 12:48:46 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/11 12:29:36 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/07/11 12:29:27 | 001,940,640 | ---- | M] (ParetoLogic Inc.) -- C:\Documents and Settings\Owner\Desktop\RegCureSetup_CB.exe
[2010/07/11 11:52:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/11 11:39:06 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/07/10 23:17:22 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uotzqyte.sys
[2010/07/09 23:10:50 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cxqtaavb.sys
[2010/07/09 18:22:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/07/09 18:17:32 | 000,005,079 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/07/09 18:00:01 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/09 17:57:20 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/09 13:40:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/09 12:04:40 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/04 20:48:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/01 22:16:45 | 000,043,077 | ---- | M] () -- C:\tzH0aB1278049233.jpg
[2010/07/01 22:15:20 | 000,012,530 | ---- | M] () -- C:\18079_105567949460574_100000221079148_144600_901469_n.jpg
[2010/07/01 18:16:41 | 000,003,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/07/01 17:57:35 | 000,000,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/07/01 17:15:21 | 000,675,840 | -H-- | M] () -- C:\SZKGFS.dat
[2010/07/01 17:01:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/01 16:58:46 | 000,390,656 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Owner\Desktop\STOPzilla_Setup.exe
[2010/07/01 16:43:51 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/07/01 16:21:50 | 004,275,706 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/01 15:15:16 | 034,595,056 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner\Desktop\spyware-doctor.exe
[2010/06/30 23:14:03 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\quhijjwk.sys
[2010/06/30 22:30:11 | 000,905,616 | ---- | M] () -- C:\Funny Voice.mp3
[2010/06/29 23:16:10 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dlzufxgb.sys
[2010/06/29 09:35:46 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ctgapenb.sys
[2010/06/28 15:13:30 | 000,050,851 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\men ashh.jpg
[2010/06/27 23:48:32 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cinjmwma.sys
[2010/06/26 23:30:23 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vytqohjf.sys
[2010/06/26 09:43:47 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\orhntmbd.sys
[2010/06/25 12:38:29 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dedstcsr.sys
[2010/06/24 15:44:44 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2010 workout.wps
[2010/06/24 14:11:52 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gkoceznv.sys
[2010/06/23 15:53:48 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fpgjtcvm.sys
[2010/06/23 11:47:01 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qjmfdqhm.sys
[2010/06/22 11:16:50 | 001,990,728 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\Owner\Desktop\Install_Facebook_Plug-In_1.0.3.exe
[2010/06/21 19:02:20 | 000,000,994 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2010/06/21 15:40:32 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/06/19 19:38:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/19 17:17:11 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/06/19 17:17:11 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/06/19 17:15:45 | 009,591,104 | ---- | M] (DT Soft Ltd.) -- C:\DTLite4356-0091.exe
[2010/06/19 15:17:28 | 003,067,400 | ---- | M] () -- C:\Setup_MagicISO.exe
[2010/06/18 11:11:16 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\laurens resume.wps
[2010/06/17 11:54:48 | 002,839,304 | ---- | M] () -- C:\Program Files\Springmeier_Wheeler_-_Illuminati_Formula_Mind_Control_Slave.zip
[2010/06/17 11:27:17 | 000,033,577 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Raze is a Hardcore PVP Sith Faction guild that was formed by three people who have been best friends since the sandboxe and have been gaming together for many years.rtf
[2010/06/15 21:57:15 | 013,004,984 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Documents and Settings\Owner\Desktop\TeamSpeak3-Client-win32-3.0.0-beta22.exe

========== Files Created - No Company Name ==========

[2010/07/13 15:38:44 | 000,081,192 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\meandkelllyyy.jpg
[2010/07/13 11:13:51 | 000,001,469 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DivX Movies.lnk
[2010/07/13 11:13:29 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/07/13 11:12:55 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/07/11 23:21:07 | 000,549,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/11 23:05:04 | 000,002,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Live Help Messenger.lnk
[2010/07/11 19:03:26 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitled.bmp
[2010/07/11 16:35:01 | 000,174,037 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\meandbriiii222.jpg
[2010/07/11 12:29:39 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/07/11 12:29:39 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/07/11 12:29:36 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/07/09 19:14:47 | 000,010,122 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid3760.log
[2010/07/09 18:17:32 | 000,005,079 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2010/07/09 18:00:05 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/09 17:57:24 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/09 12:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/07/09 09:37:54 | 000,010,300 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid1444.log
[2010/07/01 22:16:50 | 000,043,077 | ---- | C] () -- C:\tzH0aB1278049233.jpg
[2010/07/01 22:15:19 | 000,012,530 | ---- | C] () -- C:\18079_105567949460574_100000221079148_144600_901469_n.jpg
[2010/07/01 17:25:13 | 000,000,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/07/01 17:24:48 | 000,003,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/07/01 17:15:21 | 000,675,840 | -H-- | C] () -- C:\SZKGFS.dat
[2010/07/01 16:29:38 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/30 22:30:23 | 000,905,616 | ---- | C] () -- C:\Funny Voice.mp3
[2010/06/28 15:13:28 | 000,050,851 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\men ashh.jpg
[2010/06/27 20:19:14 | 000,010,660 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid1784.log
[2010/06/21 15:40:32 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010/06/20 21:31:51 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2010 workout.wps
[2010/06/19 21:10:50 | 000,010,978 | ---- | C] () -- C:\Documents and Settings\Owner\hs_err_pid3196.log
[2010/06/19 17:17:11 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010/06/19 15:17:18 | 003,067,400 | ---- | C] () -- C:\Setup_MagicISO.exe
[2010/06/17 21:50:26 | 000,000,291 | ---- | C] () -- C:\filezilla.doc
[2010/06/17 11:54:50 | 002,839,304 | ---- | C] () -- C:\Program Files\Springmeier_Wheeler_-_Illuminati_Formula_Mind_Control_Slave.zip
[2010/06/17 11:27:16 | 000,033,577 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Raze is a Hardcore PVP Sith Faction guild that was formed by three people who have been best friends since the sandboxe and have been gaming together for many years.rtf
[2010/01/18 01:03:22 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/28 19:32:22 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/03 20:45:06 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/09/24 11:43:25 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/09/24 11:43:25 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/06/30 14:29:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/04/27 20:36:23 | 000,000,088 | ---- | C] () -- C:\WINDOWS\DETEST32.INI
[2008/12/06 10:40:48 | 000,000,538 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/05/17 03:01:35 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/13 18:47:51 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/09/13 20:10:02 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/07/30 19:55:28 | 000,000,037 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2007/07/30 19:53:23 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/22 18:39:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/25 21:34:26 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/29 11:38:16 | 000,000,283 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/04/29 11:35:33 | 000,017,408 | ---- | C] () -- C:\WINDOWS\UnInstall.dll
[2007/04/29 11:35:33 | 000,000,028 | ---- | C] () -- C:\WINDOWS\CTDelLau.INI
[2006/12/15 17:32:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/30 20:38:46 | 000,000,068 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2006/06/04 19:54:22 | 000,364,544 | ---- | C] () -- C:\WINDOWS\js32.dll
[2006/06/02 08:43:35 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\js32.dll
[2006/05/07 22:14:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2005/10/12 13:57:09 | 000,748,167 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2005/10/12 13:57:09 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[2005/10/12 13:57:09 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2005/10/12 13:57:09 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2005/10/12 13:57:09 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\Crxlat32.dll
[2005/10/12 13:57:09 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[2005/10/12 13:57:00 | 000,000,167 | ---- | C] () -- C:\WINDOWS\teensmrt.ini
[2005/09/06 16:54:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/07/17 06:56:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2005/06/01 10:02:10 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/06/01 10:02:10 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/06/01 10:02:10 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/05/10 21:10:27 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2005/04/10 12:33:10 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/09 19:59:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/02/24 07:32:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/02/24 07:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/01/28 02:15:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/01/28 02:09:49 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2005/01/28 02:09:49 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/08/27 03:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 09:12:43 | 000,001,314 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 09:12:43 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[1997/09/12 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/12 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/04/20 20:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2007/08/25 12:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/06/19 17:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/07/01 13:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2008/06/15 17:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2005/04/20 22:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/09/24 11:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/11 12:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/07/01 17:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/07/11 13:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/07/09 16:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/12 18:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tiger Install
[2010/07/11 13:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/16 23:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/03 17:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/14 14:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/12/15 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2009/04/05 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2008/03/07 17:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2009/01/26 21:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CasinoOnNet
[2007/07/09 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Costco Photo Viewer US
[2008/03/01 14:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2010/06/19 17:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009/03/26 18:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2006/12/17 16:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DMCache
[2008/05/22 21:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dreamlords
[2006/08/08 15:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EBookSys
[2007/07/10 12:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Electronic Arts
[2010/06/17 22:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2009/11/29 15:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2006/12/17 18:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IDM
[2006/05/06 18:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Kensington
[2007/04/29 15:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2009/07/13 20:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LPECommon
[2006/07/22 21:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2008/06/15 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2006/12/25 11:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OLYMPUS
[2007/08/23 21:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Orbit
[2009/09/24 11:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
[2005/01/28 02:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/09/24 11:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2009/07/22 22:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2010/07/11 23:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\stardevelop.com
[2009/09/27 12:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StreamTorrent
[2010/07/11 13:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2005/04/11 15:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2007/09/11 18:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Turbine
[2010/07/11 13:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/07/09 16:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2007/05/08 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2007/07/12 17:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2010/07/11 17:00:00 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/07/11 12:48:46 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemdrive%\aic78u2.sys /s /md5 >
[2001/08/17 21:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\dllcache\aic78u2.sys
[2001/08/17 21:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) MD5=19DD0FB48B0C18892F70E2E7D61A1529 -- C:\WINDOWS\system32\drivers\aic78u2.sys

========== Files - Unicode (All) ==========
[2007/01/24 22:34:57 | 000,001,375 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve.htm) -- C:\Documents and Settings\Owner\My Documents\fasa_com Helping you receive the Financial Aid YOU deserve.htm
[2007/01/24 22:34:57 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve_files) -- C:\Documents and Settings\Owner\My Documents\fasa_com Helping you receive the Financial Aid YOU deserve_files
[2007/01/24 22:34:56 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve_files) -- C:\Documents and Settings\Owner\My Documents\fasa_com Helping you receive the Financial Aid YOU deserve_files
[2007/01/24 22:34:55 | 000,001,375 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\fasa_com??Helping you receive the Financial Aid YOU deserve.htm) -- C:\Documents and Settings\Owner\My Documents\fasa_com Helping you receive the Financial Aid YOU deserve.htm

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FB6501C
< End of report >
ATTOJ1 is offline  
Old 07-13-2010, 07:07 PM   #12
Security Team
Analyst
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,383
OS: Windows 7 Ultimate 64bit



Thanks for the last reply, that really sheded some light on the infection you have. I still need one more thing before i can post instructions for removal.

I need to check for any more patched system files.

Click Start, Click Run, Type sigverif then enter key.
Click on Advanced
On the Logging tab, Make sure the Save the file signature verification results to a log file check box is selected and then click Ok.

Go to Start, Run, Type "%systemroot%\Sigverif.txt" and press enter.

The log file will appear, please attach it to your next thread. It might be a very large file.
sjpritch25 is offline  
Old 07-14-2010, 11:37 AM   #13
Registered Member
 
Join Date: Apr 2009
Posts: 26
OS: XP



Thanks a lot, I really appreciate what you're doing for me. I put it as an attachment it's way too big to post here and I even tried splitting it up but still too long.
Attached Files
File Type: zip Sigverif.zip (27.1 KB, 12 views)
ATTOJ1 is offline  
Old 07-14-2010, 04:24 PM   #14
Security Team
Analyst
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,383
OS: Windows 7 Ultimate 64bit



I've got to run out for a bit, but i'll have a fix for you in a couple of hrs.
sjpritch25 is offline  
Old 07-14-2010, 09:17 PM   #15
Security Team
Analyst
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,383
OS: Windows 7 Ultimate 64bit



I've attached a file called fix.zip, i need you to extract both files to C:\Windows folder.

Please printout my instructions!!!!!!!!!!!!!!!!

Next, insert your windows xp install disc. You will probably be prompted to boot from cd.... Press any key to boot from cd...

In Windows setup, type R to access Recovery Console
Type 1 for your windows installation.
Your be prompted for an administrator password, press Enter unless you have an adminstrator password.

Type the following

batch fix.bat and press enter

You should get a message saying file was copied successfully and you will need to type Y to accept the deletion of a few bad files.

Type exit to reboot.

Please boot into Normal mode, i need you to run otl again using this script.
  • Double-Click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemdrive%\aic78u2.sys /s /md5

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Attached Files
File Type: zip fix.zip (29.6 KB, 14 views)
sjpritch25 is offline  
Old 07-15-2010, 11:07 AM   #16
Registered Member
 
Join Date: Apr 2009
Posts: 26
OS: XP



Bah, I don't have an XP disc. I bought this pc 6 years ago and I'm not even sure if it came with it.
ATTOJ1 is offline  
Old 07-15-2010, 01:25 PM   #17
Security Team
Analyst
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,383
OS: Windows 7 Ultimate 64bit



Okay lets run ComboFix, make sure you install Recovery Console when prompted. Thanks


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

https://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
sjpritch25 is offline  
Old 07-17-2010, 01:23 PM   #18
Registered Member
 
Join Date: Apr 2009
Posts: 26
OS: XP



I ran combofix but it didn't give me a log file. For some reason all of the text during when combofix was running was in chinese but I followed and went through all the steps so I don't know what happened.
ATTOJ1 is offline  
Old 07-18-2010, 12:47 PM   #19
Security Team
Analyst
 
Join Date: Sep 2007
Location: West Coast of Florida
Posts: 1,383
OS: Windows 7 Ultimate 64bit



Go ahead and run it again. Let me know if it still doesn't produce a log. Thanks
sjpritch25 is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 10:29 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts