Sign In
Register
Help
This topic is locked
I was working on my friends computer which was highly infected. I used several programs to clean it and it seemed to be doing alright except for a few minor things like a few programs not wanting to uninstall and the internet not connecting. I was trying to fix the internet and physically entered the ip and dns address since it didn't seem like it was doing it automatically (wireless). It said it was connected but when trying either IE or Firefox, it would not load any pages. I decided to try to put the computer into safe mode for the first time w/network access to see if this would work.
I went into msconfig/boot and told it to boot into safe mode with network access. Computer shuts down and restarts saying it could not start properly and gave me a choice to start normally or in safe mode again. I tried both options and the computer would start to boot then reset back to the startup option screen...
Mind you the computer had been restarted more than once successfully although there seemed to be a file missing from windows. It would state something like skipping check. The file ended something like system32/chk... something like that. I was going to try to repair this with a windows cd but have yet to find it so I haven't done it yet...
Is there anything that can be done?
Thanks
Welcome to 247fixes PC Help Forum
 |
Welcome to 247fixes PC Help Forum, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information. Take advantage of it immediately, Register Now or Sign In.
|
| Guest Message © 2010 DevFuse | |
[Inactive] Computer Stuck In Loop
MultiQuote
#2
- Forum Junkie
-
- Group: Malware Remover
- Posts: 62
- Joined: 12-November 09
- Gender:Female
Posted 05 February 2010 - 10:23 PM
Hello and welcome to 247fixes! :)
What you describe is the reason why we suggest to never use msconfig to reboot into safe mode. ;)
Using msconfig will force a reboot into safe mode until you have booted safe mode successfully. You can no longer choose to not boot safe mode. If the safe mode has been corrupted, you can no longer boot the PC.
If you have a Windows disc or any other kind of disc from which we can boot the PC, this problem can easily be fixed. Do you have for example the windows-cd close by? If not do you have a PC close by that could download about 300Mb for a live-cd in a reasonable amount of time and burn it on CD?
regards myrti
What you describe is the reason why we suggest to never use msconfig to reboot into safe mode. ;)
Using msconfig will force a reboot into safe mode until you have booted safe mode successfully. You can no longer choose to not boot safe mode. If the safe mode has been corrupted, you can no longer boot the PC.
If you have a Windows disc or any other kind of disc from which we can boot the PC, this problem can easily be fixed. Do you have for example the windows-cd close by? If not do you have a PC close by that could download about 300Mb for a live-cd in a reasonable amount of time and burn it on CD?
regards myrti
#3
- Full Member
-
- Group: Member+
- Posts: 25
- Joined: 05-December 09
Posted 05 February 2010 - 10:27 PM
I have my laptop which is what I was using to transfer the programs over to the infected computer since the internet was not working. I can use that to download the file and write it to cd. My xp cd seems to be misplaced at the moment. I was not aware of the recommendation you're speaking of although it had crossed my mind that it might be a bad idea... :(
#4
- Forum Junkie
-
- Group: Malware Remover
- Posts: 62
- Joined: 12-November 09
- Gender:Female
Posted 05 February 2010 - 11:16 PM
Hi,
malware will frequently mutilate the safe mode in order to protect itself from changes being made in safe mode where it isn't running.
If you don't have your Windows CD, please download Hiren's Boot-CD and boot your PC from it.
regards myrti
malware will frequently mutilate the safe mode in order to protect itself from changes being made in safe mode where it isn't running.
If you don't have your Windows CD, please download Hiren's Boot-CD and boot your PC from it.
- Download Hiren's BootCD Iso to the desktop of a clean computer.
- Extract the zipped HirensBootCD.zip to your desktop.
- Open the extracted HirensBootCD folder and extract the zipped HirensBootCD.iso.
- Double click the BurnToCD.cmd bat file contained in the HirensBootCD folder. This will launch BurnCDCC.
- Insert a blank CD in your drive.
- Press Start. This will burn the image to disc. After it has completed...
- Restart your sick computer and boot from the HBCD you created.
- If your PC is not booting from the CD, you need to change the boot order:
- Restart your PC
- As soon as you get an image, press the Setup key. This is usually F2, F10, F12 or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
- Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
- Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
- The tab should now show your current boot order.
- If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
- Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
- Restart your PC
- Your PC should now boot from your CD.
- Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
- If your PC is not booting from the CD, you need to change the boot order:
- When the CD boots choose "Start MiniWindowsXP". Allow Windows to load. You will see a typical Windows Desktop.
- You will be able to access your sick drive and save files/folders from here. Let me know when you have gotten this far and I can guide you.
- If you have an Ethernet connection you can double click the Network icon on the desktop to gain internet access. You will need to choose the "HBCD tools" icon on your Desktop. Choose "Menu" - "Browsers" - "Opera".
- You should now be connected to the internet.
regards myrti
#5
- Full Member
-
- Group: Member+
- Posts: 25
- Joined: 05-December 09
Posted 06 February 2010 - 11:40 PM
I got the sick computer to boot from CD. I'm actually on the computer now using Opera so the internet via wired works. I tried to get the WIFI to work but it is saying that either wifi doesn't exist on this computer or it's disabled. The computer does have wifi and there is a button which I tried pressing but it doesn't seem to want to work.
Besides that I just want to mention that I would like to make a partition on this hard drive (doesn't have one) similar to what I have on my laptop if possible.
Now what?
Besides that I just want to mention that I would like to make a partition on this hard drive (doesn't have one) similar to what I have on my laptop if possible.
Now what?
#6
- Forum Junkie
-
- Group: Malware Remover
- Posts: 62
- Joined: 12-November 09
- Gender:Female
Posted 07 February 2010 - 08:55 AM
Hi,
I'm sorry I don't entirely understand. Why would you want to make a new partition on the PC? Do you not see the partitions present on the PC now?
You should be able to access the files from your hard disk now. Navigate to the file boot.ini which lies in the root folder of your windows install on the hard disk. (Normally that would be C:\, it may have another letter D:\ or F:\ while you are booted from CD)
Copy boot.ini to boot.ini.backup, so that we have a backup in case something goes wrong. Then open boot.ini with an editor of your choice and you should see /safeboot:minimal (or /safeboot:network if you tried into safe mode with network support) somewhere. Remove that part and try to boot the PC from your hard disk.
If you are unsure on what to remove, then just open boot.ini and copy the entire content into your next reply.
rgeards myrti
I'm sorry I don't entirely understand. Why would you want to make a new partition on the PC? Do you not see the partitions present on the PC now?
You should be able to access the files from your hard disk now. Navigate to the file boot.ini which lies in the root folder of your windows install on the hard disk. (Normally that would be C:\, it may have another letter D:\ or F:\ while you are booted from CD)
Copy boot.ini to boot.ini.backup, so that we have a backup in case something goes wrong. Then open boot.ini with an editor of your choice and you should see /safeboot:minimal (or /safeboot:network if you tried into safe mode with network support) somewhere. Remove that part and try to boot the PC from your hard disk.
If you are unsure on what to remove, then just open boot.ini and copy the entire content into your next reply.
rgeards myrti
#7
- Full Member
-
- Group: Member+
- Posts: 25
- Joined: 05-December 09
Posted 07 February 2010 - 09:45 AM
There is no partition on this computer, only drive c.
The computer started up successfully in normal start-up.
Now how can I go about repairing safe mode along with the other missing or corrupt files on this thing? Wireless doesn't seem to be working, only wired. I have tried uninstalling the driver and reinstalling an updated version. This didn't fix the problem. I also tried running a program called winsocfix which replaced some registry files but it also didn't fix the problem. It seems like it won't assign a correct IP and DNS to the computer. Wireless is working fine on my laptop.
Thanks again.
The computer started up successfully in normal start-up.
Now how can I go about repairing safe mode along with the other missing or corrupt files on this thing? Wireless doesn't seem to be working, only wired. I have tried uninstalling the driver and reinstalling an updated version. This didn't fix the problem. I also tried running a program called winsocfix which replaced some registry files but it also didn't fix the problem. It seems like it won't assign a correct IP and DNS to the computer. Wireless is working fine on my laptop.
Thanks again.
#8
- Forum Junkie
-
- Group: Malware Remover
- Posts: 62
- Joined: 12-November 09
- Gender:Female
Posted 07 February 2010 - 10:18 PM
Hi,
please follow the steps in this topic: Before you post now and post a log from OTL in your next reply so I can see what is still on your PC.
After that we will try to repair what is still wrong with your system.
regards myrti
please follow the steps in this topic: Before you post now and post a log from OTL in your next reply so I can see what is still on your PC.
After that we will try to repair what is still wrong with your system.
regards myrti
#9
- Full Member
-
- Group: Member+
- Posts: 25
- Joined: 05-December 09
Posted 07 February 2010 - 10:59 PM
OTL logfile created on: 2/7/2010 2:43:19 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.00 Mb Total Physical Memory | 244.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 55.15 Gb Free Space | 74.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.84 Gb Total Space | 0.01 Gb Free Space | 0.23% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC244461808863
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/02/07 14:38:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2009/12/16 17:21:24 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/03/09 11:06:55 | 000,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/03/09 11:06:55 | 000,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 16:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/11 21:09:40 | 000,106,496 | ---- | M] () -- C:\Program Files\Duel Systems\DuelAdapter\DuelService.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/12/20 16:40:40 | 000,921,600 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
PRC - [2005/01/24 10:30:00 | 001,204,306 | ---- | M] (Venturi Wireless) -- c:\Program Files\Verizon Wireless\venturi\Client\VentC.exe
PRC - [2005/01/13 17:15:52 | 000,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2004/11/04 10:40:08 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/04 10:38:54 | 000,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/08/04 00:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
========== Modules (SafeList) ==========
MOD - [2010/02/07 14:38:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
MOD - [2004/11/04 10:39:58 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2009/12/16 17:21:24 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/03/09 11:06:55 | 000,951,632 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/11/20 13:20:44 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/03/11 21:09:40 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\Program Files\Duel Systems\DuelAdapter\DuelService.exe -- (DuelService)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/01/24 10:30:00 | 001,204,306 | ---- | M] (Venturi Wireless) [Auto | Running] -- c:\Program Files\Verizon Wireless\venturi\Client\VentC.exe -- (Venturi2)
SRV - [2005/01/13 17:15:52 | 000,038,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2004/11/17 21:32:56 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\HPQ\Shared\hpqwmi.exe -- (hpqwmi)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2009/12/03 16:14:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/11 04:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2009/03/09 11:06:56 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/17 13:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/01/23 14:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 14:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/23 14:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/12/14 13:00:34 | 000,007,808 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\Duel Systems\DuelAdapter\cpuz.sys -- (cpuz126)
DRV - [2006/01/19 03:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 22:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2005/02/10 16:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/01/26 01:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/22 11:05:06 | 000,804,317 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/01/10 16:13:00 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/01/10 16:12:12 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004/12/14 14:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/14 14:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/14 14:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/12/02 08:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/11/29 08:51:26 | 000,029,952 | ---- | M] (Kyocera Wireless Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kwusb2k.sys -- (kwkxusb)
DRV - [2004/11/04 10:26:42 | 000,186,016 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/04 00:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/04/14 06:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/16 10:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/06/06 10:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002/11/26 13:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 11:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 18:21:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/03 19:19:18 | 000,000,000 | ---D | M]
[2010/02/07 13:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\jdojjoe1.default\extensions
[2010/02/07 13:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/05 22:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/11/28 11:12:01 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/11/28 11:12:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/11/28 11:12:03 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/11/28 11:12:04 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/11/28 11:12:04 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
O1 HOSTS File: ([2010/02/05 13:36:32 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\BGInfo.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\BGInfo.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/06 12:59:40 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (SBBD.exe) - File not found
O34 - HKLM BootExecute: (/d \Device\HarddiskVolume1\Program Files\Sunbelt Software\VIPRE\Definitions) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/11/22 12:26:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
MsConfig - Services: "KodakCCS"
MsConfig - Services: "iPodService"
MsConfig - Services: "SymWSC"
MsConfig - Services: "SPBBCSvc"
MsConfig - Services: "SNDSrvc"
MsConfig - Services: "SBService"
MsConfig - Services: "SAVScan"
MsConfig - Services: "navapsvc"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "ccPwdSvc"
MsConfig - Services: "ccProxy"
MsConfig - Services: "ccEvtMgr"
MsConfig - Services: "Automatic LiveUpdate Scheduler"
MsConfig - Services: "ISSVC"
MsConfig - Services: "gusvc"
MsConfig - Services: "GoogleDesktopManager"
MsConfig - Services: "GoogleDesktopManager-110309-193829"
MsConfig - Services: "EPSON_PM_RPCV4_01"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - File not found
MsConfig - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: DuelTray - hkey= - key= - C:\Program Files\Duel Systems\DuelAdapter\DuelTray.exe ()
MsConfig - StartUpReg: eabconfg.cpl - hkey= - key= - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
MsConfig - StartUpReg: LSBWatcher - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: updateMgr - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: YMailAdvisor - hkey= - key= - C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - Reg Error: Value error.
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)
========== Files/Folders - Created Within 30 Days ==========
[2010/02/07 14:39:03 | 000,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Admin\Desktop\SysRestorePoint.exe
[2010/02/07 14:38:39 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/02/07 14:17:47 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2010/02/07 14:17:09 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/02/07 14:17:07 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/02/07 14:16:04 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/02/07 14:16:03 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2010/02/07 14:15:47 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2010/02/07 14:15:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010/02/07 14:15:17 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010/02/07 14:14:52 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2010/02/07 14:14:07 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2010/02/07 14:13:37 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/02/07 14:13:29 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/02/07 14:13:29 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/02/07 14:13:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/02/07 14:13:20 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2010/02/07 14:13:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2010/02/07 14:12:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/02/07 14:11:24 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2010/02/07 14:11:17 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2010/02/07 14:11:16 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/02/07 14:09:19 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2010/02/07 14:09:13 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/02/07 14:09:05 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2010/02/07 14:09:04 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2010/02/07 14:06:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/02/07 14:06:05 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2010/02/07 14:05:59 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2010/02/07 14:04:31 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/02/07 14:03:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/02/07 14:03:43 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/02/07 14:03:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2010/02/07 14:02:42 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/02/07 14:02:42 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/02/07 14:02:28 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/02/07 14:02:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010/02/07 14:01:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/02/07 14:01:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/02/07 13:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/07 13:27:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/07 13:27:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/07 13:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/07 02:21:59 | 000,176,392 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2010/02/07 02:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\WinRAR
[2010/02/07 02:18:31 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\TFC.exe
[2010/02/07 02:15:18 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Admin\Desktop\avgremover.exe
[2010/02/07 02:14:15 | 003,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Admin\Desktop\spywareblastersetup42.exe
[2010/02/07 01:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2010/02/05 13:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\AVG Security Toolbar
[2010/02/05 13:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla
[2010/02/05 13:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Mozilla
[2010/02/05 13:37:03 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/02/05 13:25:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IECompatCache
[2010/02/05 13:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2010/02/05 13:23:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\PrivacIE
[2010/02/05 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Shavlik Technologies
[2010/02/05 13:04:14 | 002,732,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Netw2r32.dll
[2010/02/05 13:04:14 | 000,557,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Netw2c32.dll
[2010/02/05 03:49:11 | 000,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/02/05 03:48:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2010/02/05 03:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/05 03:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/05 02:32:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010/02/05 02:30:56 | 001,803,064 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Admin\Desktop\CCleaner.exe
[2010/02/05 01:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\NewSoft
[2010/02/05 01:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/02/05 01:20:02 | 000,038,480 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\IJRMF.exe
[2010/02/05 01:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Yahoo!
[2010/02/05 01:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Yahoo
[2010/02/05 01:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\My Received Files
[2010/02/05 01:05:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IETldCache
[2010/02/05 01:05:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\Cookies
[2010/02/05 01:05:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2010/02/05 01:05:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Application Data
[2010/02/05 01:05:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Favorites
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Symantec
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\LightScribe
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Identities
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\ApplicationHistory
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Apple Computer
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Apple Computer
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2010/02/05 01:05:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\SendTo
[2010/02/05 01:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu
[2010/02/05 01:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Videos
[2010/02/05 01:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Pictures
[2010/02/05 01:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Music
[2010/02/05 01:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents
[2010/02/05 01:05:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Templates
[2010/02/05 01:05:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\PrintHood
[2010/02/05 01:05:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\NetHood
[2010/02/05 01:05:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Local Settings
[2010/02/03 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/02/03 21:59:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/03 21:49:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/03 21:34:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/03 21:34:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/03 21:34:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/03 21:34:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/03 21:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/03 21:29:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/03 20:03:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/03 20:03:21 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/03 20:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/03 20:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/30 21:24:14 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2010/01/26 17:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/01/26 17:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/01/26 17:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/01/26 16:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/01/24 13:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/01/24 13:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Angle Interactive
[2010/01/24 11:59:14 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/24 11:59:14 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/24 11:58:47 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/24 11:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/24 11:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/24 11:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/24 09:21:13 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/01/22 07:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/01/17 23:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/01/16 19:25:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Service
[2010/01/16 17:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/15 20:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/15 11:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/14 09:06:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/01/13 17:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/13 11:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/09 15:47:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\AntiSpy
[2010/01/09 09:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Defender Pro
[2009/12/29 19:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/12/16 17:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/16 17:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
========== Files - Modified Within 30 Days ==========
[2010/02/07 14:38:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/02/07 14:38:23 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\erunt.zip
[2010/02/07 14:37:42 | 000,009,334 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\SysRestorePoint_v13.zip
[2010/02/07 14:26:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/07 14:24:22 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/02/07 14:23:55 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/07 14:20:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/07 14:20:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/07 14:19:15 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/02/07 13:48:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/02/07 02:23:31 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/02/07 02:18:34 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\TFC.exe
[2010/02/07 02:17:58 | 000,152,401 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2010/02/07 02:15:23 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Admin\Desktop\avgremover.exe
[2010/02/07 02:14:32 | 003,012,768 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Admin\Desktop\spywareblastersetup42.exe
[2010/02/07 02:12:41 | 002,062,665 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\spywareguardsetup.exe
[2010/02/07 02:09:24 | 030,909,992 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\avira_antivir_personal_en.exe
[2010/02/07 01:37:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/06 17:30:37 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/02/05 14:02:47 | 000,000,741 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/05 14:02:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/05 13:36:32 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/05 13:28:06 | 003,932,214 | ---- | M] () -- C:\WINDOWS\BGInfo.bmp
[2010/02/05 13:11:19 | 000,067,376 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/05 12:26:35 | 005,025,044 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
[2010/02/05 12:25:21 | 000,000,108 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/02/05 03:51:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/05 03:48:33 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/05 01:38:39 | 000,000,256 | ---- | M] () -- C:\WINDOWS\setup.iss
[2010/02/05 01:05:20 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Windows Media Player.lnk
[2010/02/03 20:03:27 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/03 19:04:40 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2010/01/30 08:05:41 | 000,000,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/01/27 11:39:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/01/27 09:47:06 | 000,016,700 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
[2010/01/26 19:25:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/26 17:24:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/26 17:04:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/26 16:44:26 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
[2010/01/26 16:36:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/01/26 16:16:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/26 15:56:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/26 15:36:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/26 14:12:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010/01/26 13:52:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010/01/26 13:32:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010/01/26 13:12:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010/01/26 12:52:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/01/26 12:31:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/01/26 12:11:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/01/24 14:08:19 | 000,030,720 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2010/01/22 18:29:16 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/22 18:29:16 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/22 18:29:16 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/22 17:43:13 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/01/20 21:12:43 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/14 13:55:55 | 000,003,766 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/01/14 13:55:53 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\F1D8621EC7.sys
[2010/01/14 10:56:12 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/01/13 18:37:36 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/13 12:16:00 | 000,000,780 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010/01/13 08:44:14 | 000,176,392 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2010/01/12 06:50:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2010/01/12 06:30:27 | 000,000,166 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2010/01/12 06:10:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2010/01/12 05:50:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2010/01/12 05:30:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2010/01/11 13:38:52 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\0DE8C8C0E8.sys
[2010/01/09 15:47:11 | 000,000,137 | ---- | M] () -- C:\WINDOWS\tsiwinfile.dat
[2010/01/08 16:58:02 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
========== Files Created - No Company Name ==========
[2010/02/07 14:40:33 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ERDNT.E_E
[2010/02/07 14:40:33 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ERUNT.EXE
[2010/02/07 14:40:33 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\NTREGOPT.EXE
[2010/02/07 14:40:33 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\AUTOBACK.EXE
[2010/02/07 14:40:33 | 000,005,417 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\LOC_GER.ZIP
[2010/02/07 14:40:33 | 000,004,090 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ERUNT.LOC
[2010/02/07 14:40:33 | 000,003,275 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ERDNTWIN.LOC
[2010/02/07 14:40:33 | 000,002,815 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ERDNTDOS.LOC
[2010/02/07 14:40:33 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\NTREGOPT.LOC
[2010/02/07 14:38:23 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\erunt.zip
[2010/02/07 14:37:45 | 000,009,334 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\SysRestorePoint_v13.zip
[2010/02/07 14:15:31 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/02/07 02:18:01 | 000,152,401 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2010/02/07 02:12:30 | 002,062,665 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\spywareguardsetup.exe
[2010/02/07 02:06:14 | 030,909,992 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\avira_antivir_personal_en.exe
[2010/02/05 13:54:56 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Mozilla Firefox.lnk
[2010/02/05 13:26:12 | 003,932,214 | ---- | C] () -- C:\WINDOWS\BGInfo.bmp
[2010/02/05 12:25:21 | 000,000,108 | -H-- | C] () -- C:\aaw7boot.cmd
[2010/02/05 03:51:33 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/05 03:48:33 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/05 01:05:20 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Windows Media Player.lnk
[2010/02/05 01:05:04 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Admin\secedit.INTEG.RAW
[2010/02/05 01:05:02 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/02/05 01:05:02 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/02/03 21:34:20 | 000,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/03 21:34:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/03 21:34:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/03 21:34:20 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/03 21:34:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/03 20:03:27 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/03 19:10:52 | 000,002,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/01/30 21:28:38 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2010/01/30 08:04:10 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/01/26 14:12:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010/01/26 13:12:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/01/26 12:31:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/01/26 12:11:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/01/26 11:51:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/01/26 10:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/26 10:31:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/26 08:19:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/25 14:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/01/25 14:04:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/01/25 13:23:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/01/25 11:42:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/24 11:59:14 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/24 11:59:14 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/24 11:58:47 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/24 11:03:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/22 07:37:00 | 000,016,700 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
[2010/01/20 19:42:32 | 000,001,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
[2010/01/12 06:50:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2010/01/12 06:30:27 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2010/01/12 06:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2010/01/11 23:35:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2010/01/11 23:15:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2010/01/11 22:55:32 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2010/01/11 13:38:42 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0DE8C8C0E8.sys
[2010/01/09 15:47:11 | 000,000,137 | ---- | C] () -- C:\WINDOWS\tsiwinfile.dat
[2010/01/08 16:58:02 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/03/17 06:58:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/03/17 06:57:40 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/11/23 15:43:48 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/11/23 15:43:48 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/11/23 15:41:58 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/11/23 15:41:58 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/11/23 15:40:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/04/20 07:53:27 | 000,000,023 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/04/06 07:24:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\hpdj130.ini
[2007/01/10 08:11:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2006/11/15 07:53:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2006/10/19 10:32:05 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/01 18:21:21 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/17 08:09:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\F1D8621EC7.sys
[2006/06/16 22:38:07 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/30 06:35:57 | 000,000,739 | ---- | C] () -- C:\WINDOWS\FastBid2.ini
[2006/04/07 17:41:53 | 000,000,028 | ---- | C] () -- C:\WINDOWS\EzyTuner.INI
[2006/04/07 10:29:26 | 000,007,043 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2006/03/03 20:48:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/03/03 20:45:34 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2006/02/19 14:58:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/02/09 22:30:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2006/02/01 10:51:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/10 01:58:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/04/10 01:58:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/04/10 01:58:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/04/10 01:58:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/04/10 01:58:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/04/10 01:58:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/04/10 01:42:35 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 00:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 05:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 05:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 10:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/19 06:18:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/02/05 12:25:21 | 000,000,108 | -H-- | M] () -- C:\aaw7boot.cmd
[2007/12/26 11:37:47 | 000,029,958 | ---- | M] () -- C:\ASLog.txt
[2010/02/06 17:30:37 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2008/11/23 15:43:36 | 000,000,025 | ---- | M] () -- C:\Brxpinst.log
[2010/02/03 21:49:00 | 000,027,281 | ---- | M] () -- C:\ComboFix.txt
[2010/01/31 14:39:26 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2007/05/08 11:51:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/05/07 08:32:58 | 000,003,857 | ---- | M] () -- C:\LGSInst.Log
[2007/05/08 11:51:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 00:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2010/01/02 18:03:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/02/07 14:20:39 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2010/01/22 17:46:29 | 000,000,335 | ---- | M] () -- C:\rapport.txt
[2004/12/01 00:04:48 | 000,010,522 | ---- | M] () -- C:\README.TXT
[2010/02/07 02:22:30 | 000,041,876 | ---- | M] () -- C:\TDSSKiller.2.2.2_07.02.2010_02.22.26_log.txt
< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/02 17:51:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/02 17:51:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/02 17:51:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/02 17:51:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/01/31 10:26:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2010/02/07 02:23:31 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/02/07 02:23:31 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 00:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/06 21:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/06 21:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/06 21:45:26 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
========== Alternate Data Streams ==========
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.00 Mb Total Physical Memory | 244.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 55.15 Gb Free Space | 74.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.84 Gb Total Space | 0.01 Gb Free Space | 0.23% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC244461808863
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/02/07 14:38:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2009/12/16 17:21:24 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/03/09 11:06:55 | 000,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/03/09 11:06:55 | 000,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 16:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/11 21:09:40 | 000,106,496 | ---- | M] () -- C:\Program Files\Duel Systems\DuelAdapter\DuelService.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/12/20 16:40:40 | 000,921,600 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
PRC - [2005/01/24 10:30:00 | 001,204,306 | ---- | M] (Venturi Wireless) -- c:\Program Files\Verizon Wireless\venturi\Client\VentC.exe
PRC - [2005/01/13 17:15:52 | 000,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2004/11/04 10:40:08 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/11/04 10:38:54 | 000,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/08/04 00:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
========== Modules (SafeList) ==========
MOD - [2010/02/07 14:38:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
MOD - [2004/11/04 10:39:58 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2009/12/16 17:21:24 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/03/09 11:06:55 | 000,951,632 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/11/20 13:20:44 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/03/11 21:09:40 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\Program Files\Duel Systems\DuelAdapter\DuelService.exe -- (DuelService)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/01/24 10:30:00 | 001,204,306 | ---- | M] (Venturi Wireless) [Auto | Running] -- c:\Program Files\Verizon Wireless\venturi\Client\VentC.exe -- (Venturi2)
SRV - [2005/01/13 17:15:52 | 000,038,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2004/11/17 21:32:56 | 000,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\HPQ\Shared\hpqwmi.exe -- (hpqwmi)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2009/12/03 16:14:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/11 04:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2009/03/09 11:06:56 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/17 13:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/01/23 14:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 14:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/23 14:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/12/14 13:00:34 | 000,007,808 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files\Duel Systems\DuelAdapter\cpuz.sys -- (cpuz126)
DRV - [2006/01/19 03:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 22:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2005/02/10 16:52:36 | 000,157,056 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/01/26 01:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/22 11:05:06 | 000,804,317 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/01/10 16:13:00 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/01/10 16:12:12 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004/12/14 14:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/14 14:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/14 14:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/12/02 08:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/11/29 08:51:26 | 000,029,952 | ---- | M] (Kyocera Wireless Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kwusb2k.sys -- (kwkxusb)
DRV - [2004/11/04 10:26:42 | 000,186,016 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/04 00:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/04/14 11:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 11:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 11:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 11:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/04/14 06:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/16 10:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/06/06 10:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002/11/26 13:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 11:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 18:21:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/03 19:19:18 | 000,000,000 | ---D | M]
[2010/02/07 13:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\jdojjoe1.default\extensions
[2010/02/07 13:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/05 22:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/11/28 11:12:01 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2007/11/28 11:12:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2007/11/28 11:12:03 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2007/11/28 11:12:04 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2007/11/28 11:12:04 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
O1 HOSTS File: ([2010/02/05 13:36:32 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\BGInfo.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\BGInfo.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/06 12:59:40 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (SBBD.exe) - File not found
O34 - HKLM BootExecute: (/d \Device\HarddiskVolume1\Program Files\Sunbelt Software\VIPRE\Definitions) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/11/22 12:26:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
MsConfig - Services: "KodakCCS"
MsConfig - Services: "iPodService"
MsConfig - Services: "SymWSC"
MsConfig - Services: "SPBBCSvc"
MsConfig - Services: "SNDSrvc"
MsConfig - Services: "SBService"
MsConfig - Services: "SAVScan"
MsConfig - Services: "navapsvc"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "ccPwdSvc"
MsConfig - Services: "ccProxy"
MsConfig - Services: "ccEvtMgr"
MsConfig - Services: "Automatic LiveUpdate Scheduler"
MsConfig - Services: "ISSVC"
MsConfig - Services: "gusvc"
MsConfig - Services: "GoogleDesktopManager"
MsConfig - Services: "GoogleDesktopManager-110309-193829"
MsConfig - Services: "EPSON_PM_RPCV4_01"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - File not found
MsConfig - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
MsConfig - StartUpReg: DuelTray - hkey= - key= - C:\Program Files\Duel Systems\DuelAdapter\DuelTray.exe ()
MsConfig - StartUpReg: eabconfg.cpl - hkey= - key= - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
MsConfig - StartUpReg: LSBWatcher - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: updateMgr - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: YMailAdvisor - hkey= - key= - C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - Reg Error: Value error.
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)
========== Files/Folders - Created Within 30 Days ==========
[2010/02/07 14:39:03 | 000,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Admin\Desktop\SysRestorePoint.exe
[2010/02/07 14:38:39 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/02/07 14:17:47 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2010/02/07 14:17:09 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/02/07 14:17:07 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/02/07 14:16:04 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/02/07 14:16:03 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2010/02/07 14:15:47 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2010/02/07 14:15:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010/02/07 14:15:17 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010/02/07 14:14:52 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2010/02/07 14:14:07 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2010/02/07 14:13:37 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/02/07 14:13:29 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/02/07 14:13:29 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/02/07 14:13:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/02/07 14:13:20 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2010/02/07 14:13:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2010/02/07 14:12:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/02/07 14:11:24 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2010/02/07 14:11:17 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2010/02/07 14:11:16 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/02/07 14:09:19 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2010/02/07 14:09:13 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/02/07 14:09:05 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2010/02/07 14:09:04 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2010/02/07 14:06:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/02/07 14:06:05 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2010/02/07 14:05:59 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2010/02/07 14:04:31 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/02/07 14:03:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/02/07 14:03:43 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/02/07 14:03:33 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2010/02/07 14:02:42 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/02/07 14:02:42 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/02/07 14:02:28 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/02/07 14:02:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010/02/07 14:01:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/02/07 14:01:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/02/07 13:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/07 13:27:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/07 13:27:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/07 13:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/07 02:21:59 | 000,176,392 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2010/02/07 02:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\WinRAR
[2010/02/07 02:18:31 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\TFC.exe
[2010/02/07 02:15:18 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Admin\Desktop\avgremover.exe
[2010/02/07 02:14:15 | 003,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Admin\Desktop\spywareblastersetup42.exe
[2010/02/07 01:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2010/02/05 13:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\AVG Security Toolbar
[2010/02/05 13:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla
[2010/02/05 13:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Mozilla
[2010/02/05 13:37:03 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/02/05 13:25:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IECompatCache
[2010/02/05 13:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2010/02/05 13:23:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\PrivacIE
[2010/02/05 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Shavlik Technologies
[2010/02/05 13:04:14 | 002,732,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Netw2r32.dll
[2010/02/05 13:04:14 | 000,557,056 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Netw2c32.dll
[2010/02/05 03:49:11 | 000,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/02/05 03:48:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2010/02/05 03:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/05 03:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/05 02:32:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010/02/05 02:30:56 | 001,803,064 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Admin\Desktop\CCleaner.exe
[2010/02/05 01:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\NewSoft
[2010/02/05 01:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/02/05 01:20:02 | 000,038,480 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\IJRMF.exe
[2010/02/05 01:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Yahoo!
[2010/02/05 01:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Yahoo
[2010/02/05 01:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\My Received Files
[2010/02/05 01:05:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IETldCache
[2010/02/05 01:05:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\Cookies
[2010/02/05 01:05:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2010/02/05 01:05:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Application Data
[2010/02/05 01:05:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Favorites
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Symantec
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\LightScribe
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Identities
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\ApplicationHistory
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Apple Computer
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Apple Computer
[2010/02/05 01:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2010/02/05 01:05:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\SendTo
[2010/02/05 01:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu
[2010/02/05 01:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Videos
[2010/02/05 01:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Pictures
[2010/02/05 01:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Music
[2010/02/05 01:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents
[2010/02/05 01:05:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Templates
[2010/02/05 01:05:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\PrintHood
[2010/02/05 01:05:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\NetHood
[2010/02/05 01:05:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Local Settings
[2010/02/03 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/02/03 21:59:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/03 21:49:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/03 21:34:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/03 21:34:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/03 21:34:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/03 21:34:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/03 21:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/03 21:29:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/03 20:03:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/03 20:03:21 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/03 20:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/03 20:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/30 21:24:14 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2010/01/26 17:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/01/26 17:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/01/26 17:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/01/26 16:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/01/24 13:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/01/24 13:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Angle Interactive
[2010/01/24 11:59:14 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/24 11:59:14 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/24 11:58:47 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/24 11:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/24 11:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/24 11:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/24 09:21:13 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/01/22 07:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/01/17 23:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/01/16 19:25:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Service
[2010/01/16 17:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/15 20:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/15 11:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/14 09:06:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/01/13 17:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/13 11:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/09 15:47:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\AntiSpy
[2010/01/09 09:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Defender Pro
[2009/12/29 19:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/12/16 17:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/16 17:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
========== Files - Modified Within 30 Days ==========
[2010/02/07 14:38:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010/02/07 14:38:23 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\erunt.zip
[2010/02/07 14:37:42 | 000,009,334 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\SysRestorePoint_v13.zip
[2010/02/07 14:26:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/07 14:24:22 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/02/07 14:23:55 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/07 14:20:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/07 14:20:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/07 14:19:15 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/02/07 13:48:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/02/07 02:23:31 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/02/07 02:18:34 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\TFC.exe
[2010/02/07 02:17:58 | 000,152,401 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2010/02/07 02:15:23 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Admin\Desktop\avgremover.exe
[2010/02/07 02:14:32 | 003,012,768 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Admin\Desktop\spywareblastersetup42.exe
[2010/02/07 02:12:41 | 002,062,665 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\spywareguardsetup.exe
[2010/02/07 02:09:24 | 030,909,992 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\avira_antivir_personal_en.exe
[2010/02/07 01:37:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/06 17:30:37 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/02/05 14:02:47 | 000,000,741 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/05 14:02:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/05 13:36:32 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/05 13:28:06 | 003,932,214 | ---- | M] () -- C:\WINDOWS\BGInfo.bmp
[2010/02/05 13:11:19 | 000,067,376 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/05 12:26:35 | 005,025,044 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
[2010/02/05 12:25:21 | 000,000,108 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/02/05 03:51:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/05 03:48:33 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/05 01:38:39 | 000,000,256 | ---- | M] () -- C:\WINDOWS\setup.iss
[2010/02/05 01:05:20 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Windows Media Player.lnk
[2010/02/03 20:03:27 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/03 19:04:40 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2010/01/30 08:05:41 | 000,000,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/01/27 11:39:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/01/27 09:47:06 | 000,016,700 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
[2010/01/26 19:25:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/26 17:24:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010/01/26 17:04:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/26 16:44:26 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
[2010/01/26 16:36:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010/01/26 16:16:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010/01/26 15:56:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010/01/26 15:36:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010/01/26 14:12:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010/01/26 13:52:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010/01/26 13:32:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010/01/26 13:12:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010/01/26 12:52:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010/01/26 12:31:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010/01/26 12:11:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010/01/24 14:08:19 | 000,030,720 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2010/01/22 18:29:16 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/22 18:29:16 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/22 18:29:16 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/22 17:43:13 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/01/20 21:12:43 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/14 13:55:55 | 000,003,766 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/01/14 13:55:53 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\F1D8621EC7.sys
[2010/01/14 10:56:12 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/01/13 18:37:36 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/13 12:16:00 | 000,000,780 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010/01/13 08:44:14 | 000,176,392 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Admin\Desktop\TDSSKiller.exe
[2010/01/12 06:50:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2010/01/12 06:30:27 | 000,000,166 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2010/01/12 06:10:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2010/01/12 05:50:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2010/01/12 05:30:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2010/01/11 13:38:52 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\0DE8C8C0E8.sys
[2010/01/09 15:47:11 | 000,000,137 | ---- | M] () -- C:\WINDOWS\tsiwinfile.dat
[2010/01/08 16:58:02 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
========== Files Created - No Company Name ==========
[2010/02/07 14:40:33 | 000,163,328 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ERDNT.E_E
[2010/02/07 14:40:33 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ERUNT.EXE
[2010/02/07 14:40:33 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\NTREGOPT.EXE
[2010/02/07 14:40:33 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\AUTOBACK.EXE
[2010/02/07 14:40:33 | 000,005,417 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\LOC_GER.ZIP
[2010/02/07 14:40:33 | 000,004,090 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ERUNT.LOC
[2010/02/07 14:40:33 | 000,003,275 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ERDNTWIN.LOC
[2010/02/07 14:40:33 | 000,002,815 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ERDNTDOS.LOC
[2010/02/07 14:40:33 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\NTREGOPT.LOC
[2010/02/07 14:38:23 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\erunt.zip
[2010/02/07 14:37:45 | 000,009,334 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\SysRestorePoint_v13.zip
[2010/02/07 14:15:31 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/02/07 02:18:01 | 000,152,401 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2010/02/07 02:12:30 | 002,062,665 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\spywareguardsetup.exe
[2010/02/07 02:06:14 | 030,909,992 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\avira_antivir_personal_en.exe
[2010/02/05 13:54:56 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Mozilla Firefox.lnk
[2010/02/05 13:26:12 | 003,932,214 | ---- | C] () -- C:\WINDOWS\BGInfo.bmp
[2010/02/05 12:25:21 | 000,000,108 | -H-- | C] () -- C:\aaw7boot.cmd
[2010/02/05 03:51:33 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/05 03:48:33 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/05 01:05:20 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Windows Media Player.lnk
[2010/02/05 01:05:04 | 000,002,510 | ---- | C] () -- C:\Documents and Settings\Admin\secedit.INTEG.RAW
[2010/02/05 01:05:02 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/02/05 01:05:02 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/02/03 21:34:20 | 000,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/03 21:34:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/03 21:34:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/03 21:34:20 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/03 21:34:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/03 20:03:27 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/03 19:10:52 | 000,002,539 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/01/30 21:28:38 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2010/01/30 08:04:10 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/01/26 14:12:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010/01/26 13:12:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/01/26 12:31:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/01/26 12:11:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/01/26 11:51:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/01/26 10:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/01/26 10:31:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/01/26 08:19:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/25 14:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/01/25 14:04:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/01/25 13:23:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/01/25 11:42:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/01/24 11:59:14 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/24 11:59:14 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/24 11:58:47 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/24 11:03:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/01/22 07:37:00 | 000,016,700 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
[2010/01/20 19:42:32 | 000,001,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
[2010/01/12 06:50:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2010/01/12 06:30:27 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2010/01/12 06:10:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2010/01/11 23:35:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2010/01/11 23:15:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2010/01/11 22:55:32 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2010/01/11 13:38:42 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0DE8C8C0E8.sys
[2010/01/09 15:47:11 | 000,000,137 | ---- | C] () -- C:\WINDOWS\tsiwinfile.dat
[2010/01/08 16:58:02 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/03/17 06:58:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/03/17 06:57:40 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/11/23 15:43:48 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/11/23 15:43:48 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/11/23 15:41:58 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/11/23 15:41:58 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/11/23 15:40:13 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/04/20 07:53:27 | 000,000,023 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/04/06 07:24:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\hpdj130.ini
[2007/01/10 08:11:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2006/11/15 07:53:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2006/10/19 10:32:05 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/01 18:21:21 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/17 08:09:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\F1D8621EC7.sys
[2006/06/16 22:38:07 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/30 06:35:57 | 000,000,739 | ---- | C] () -- C:\WINDOWS\FastBid2.ini
[2006/04/07 17:41:53 | 000,000,028 | ---- | C] () -- C:\WINDOWS\EzyTuner.INI
[2006/04/07 10:29:26 | 000,007,043 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2006/03/03 20:48:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/03/03 20:45:34 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2006/02/19 14:58:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/02/09 22:30:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2006/02/01 10:51:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/10 01:58:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/04/10 01:58:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/04/10 01:58:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/04/10 01:58:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/04/10 01:58:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/04/10 01:58:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/04/10 01:42:35 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 00:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 05:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 05:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 10:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/19 06:18:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/02/05 12:25:21 | 000,000,108 | -H-- | M] () -- C:\aaw7boot.cmd
[2007/12/26 11:37:47 | 000,029,958 | ---- | M] () -- C:\ASLog.txt
[2010/02/06 17:30:37 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2008/11/23 15:43:36 | 000,000,025 | ---- | M] () -- C:\Brxpinst.log
[2010/02/03 21:49:00 | 000,027,281 | ---- | M] () -- C:\ComboFix.txt
[2010/01/31 14:39:26 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2007/05/08 11:51:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/05/07 08:32:58 | 000,003,857 | ---- | M] () -- C:\LGSInst.Log
[2007/05/08 11:51:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 00:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2010/01/02 18:03:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/02/07 14:20:39 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2010/01/22 17:46:29 | 000,000,335 | ---- | M] () -- C:\rapport.txt
[2004/12/01 00:04:48 | 000,010,522 | ---- | M] () -- C:\README.TXT
[2010/02/07 02:22:30 | 000,041,876 | ---- | M] () -- C:\TDSSKiller.2.2.2_07.02.2010_02.22.26_log.txt
< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/02 17:51:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/02 17:51:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 00:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/02 17:51:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/02 17:51:38 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/01/31 10:26:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2010/02/07 02:23:31 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/02/07 02:23:31 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 00:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/06 21:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/06 21:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/06 21:45:26 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
========== Alternate Data Streams ==========
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
#10
- Full Member
-
- Group: Member+
- Posts: 25
- Joined: 05-December 09
Posted 07 February 2010 - 10:59 PM
OTL Extras logfile created on: 2/7/2010 2:43:19 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.00 Mb Total Physical Memory | 244.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 55.15 Gb Free Space | 74.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.84 Gb Total Space | 0.01 Gb Free Space | 0.23% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC244461808863
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with PhotoLine 32...] -- Reg Error: Key error.
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026873C3-DBAD-488F-A8D4-1379EE0CA8AB}" = HP Software Update
"{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2A9E0236-A906-4813-B86E-E16D4D4DE782}" = DuelAdapter
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{618F637A-5D4D-48F4-9679-D02F45BD4315}" = LS_HSI
"{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}" = TTS
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95720E85-F3FB-4F95-9399-7E3E3E26D7AB}" = hp designjet printer software
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A32A6393-37DA-4E44-BB9F-C4F384F89EB9}" = HP System maintenance for HP Designjet 30 130 series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C" = Soft Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS Utility" = Canon Utilities EOS Utility
"ie8" = Windows Internet Explorer 8
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Lavasoft VX2 Cleaner" = Lavasoft VX2 Cleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.11)" = Mozilla Firefox (2.0.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyCamera" = Canon Utilities MyCamera
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.00 Mb Total Physical Memory | 244.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 55.15 Gb Free Space | 74.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.84 Gb Total Space | 0.01 Gb Free Space | 0.23% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC244461808863
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with PhotoLine 32...] -- Reg Error: Key error.
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026873C3-DBAD-488F-A8D4-1379EE0CA8AB}" = HP Software Update
"{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2A9E0236-A906-4813-B86E-E16D4D4DE782}" = DuelAdapter
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{618F637A-5D4D-48F4-9679-D02F45BD4315}" = LS_HSI
"{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}" = TTS
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95720E85-F3FB-4F95-9399-7E3E3E26D7AB}" = hp designjet printer software
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A32A6393-37DA-4E44-BB9F-C4F384F89EB9}" = HP System maintenance for HP Designjet 30 130 series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C" = Soft Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS Utility" = Canon Utilities EOS Utility
"ie8" = Windows Internet Explorer 8
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Lavasoft VX2 Cleaner" = Lavasoft VX2 Cleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.11)" = Mozilla Firefox (2.0.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyCamera" = Canon Utilities MyCamera
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
#11
- Full Member
-
- Group: Member+
- Posts: 25
- Joined: 05-December 09
Posted 07 February 2010 - 11:21 PM
I would just like to mention a couple things that I noticed in the logs. First, Venturi wireless is running in the background. I was unable to remove this product from the computer so maybe that is what is affecting the wireless on the computer. I also noticed drivers on the computer from products I uninstalled.
I would also like to clarify what I meant about the partition since after reading my post. I wanted to create a second partition for recovery but I was unsure if that could be done. It no longer applies since I found the recovery cds for this computer through HP and purchased them (cheap). They will be here in a week. I figure even if they go unused now, that having them on hand would be better than not since my friend seems capable of ruining any computer she touches.
I would also like to clarify what I meant about the partition since after reading my post. I wanted to create a second partition for recovery but I was unsure if that could be done. It no longer applies since I found the recovery cds for this computer through HP and purchased them (cheap). They will be here in a week. I figure even if they go unused now, that having them on hand would be better than not since my friend seems capable of ruining any computer she touches.
#12
- Forum Junkie
-
- Group: Malware Remover
- Posts: 62
- Joined: 12-November 09
- Gender:Female
Posted 08 February 2010 - 02:37 AM
Hi,
ok, that doesn't look too bad.
Just to be safe please run a scan with gmer as well:
Please download GMER from one of the following locations and save it to your desktop:
Run the following tool to repair your safe mode:
And afterwards run a file check:
Go to the Run box on the Start Menu and type in:
sfc /scannow
Make sure to include the space between the first "c" and the "/".
This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files. If it does, then just press abort and let me know. You can do those steps as well when your replacement CDs get to you.
SFC stands for system file integrity. It is a scan that will check the core system files for their integrity and replace if they are found to be corrupted.
Please post back when it has finished letting me know what it has reported.
More info on this process can be found here.
After that let me know if you can boot into safe mode (please try safe mode by rebooting and pressing F8 after the bios screen was shown). Please provide the log from gmer as well as the log from ComboFix: C:\combofix.txt
regards myrti
ok, that doesn't look too bad.
Just to be safe please run a scan with gmer as well:
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
This version will download a randomly named file (Recommended) - Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.
Run the following tool to repair your safe mode:
- Please download Safe Boot Key Repair and save it to your desktop.
- Open http://billy-oneal.com/Canned%20Speeches/speechimages/SafebootKeyRepair/desktopicon.png on your desktop.
- Copy and paste the resultant log here in your next reply.
And afterwards run a file check:
Go to the Run box on the Start Menu and type in:
sfc /scannow
Make sure to include the space between the first "c" and the "/".
This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files. If it does, then just press abort and let me know. You can do those steps as well when your replacement CDs get to you.
SFC stands for system file integrity. It is a scan that will check the core system files for their integrity and replace if they are found to be corrupted.
Please post back when it has finished letting me know what it has reported.
More info on this process can be found here.
After that let me know if you can boot into safe mode (please try safe mode by rebooting and pressing F8 after the bios screen was shown). Please provide the log from gmer as well as the log from ComboFix: C:\combofix.txt
regards myrti
#13
- Full Member
-
- Group: Member+
- Posts: 25
- Joined: 05-December 09
Posted 09 February 2010 - 09:58 AM
ComboFix 09-12-05.01 - Kelly 02/03/2010 21:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.130 [GMT -8:00]
Running from: e:\computer software\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Kelly\LOCALS~1\Temp\install_flash_player.exe
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003\desktop.ini
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003\INFO2
c:\recycler\S-1-5-21-3288127050-197847358-126776011-1003
c:\recycler\S-1-5-21-3288127050-197847358-126776011-1003\desktop.ini
c:\recycler\S-1-5-21-3288127050-197847358-126776011-1003\INFO2
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mydll.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.
2010-02-04 04:03 . 2010-02-04 04:03 -------- d-----w- c:\documents and settings\Kelly\Application Data\Malwarebytes
2010-02-04 04:03 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 04:03 . 2010-02-04 04:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 04:03 . 2010-02-04 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-04 04:03 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 03:46 . 2010-02-04 03:46 -------- d-----w- c:\documents and settings\Kelly\Application Data\Skinux
2010-02-04 03:24 . 2010-02-04 03:24 -------- d-----w- c:\documents and settings\Kelly\Application Data\MSNInstaller
2010-02-04 03:12 . 2010-02-04 03:12 -------- d-----w- c:\documents and settings\Kelly\Application Data\Leadertech
2010-01-31 05:28 . 2010-02-04 03:04 104 ----a-w- c:\windows\system32\SBRC.dat
2010-01-31 05:24 . 2008-09-24 01:46 245408 ----a-w- c:\windows\system32\unicows.dll
2010-01-29 17:52 . 2010-01-29 17:52 -------- d-----w- c:\documents and settings\Jeff Pease\Application Data\Sunbelt
2010-01-28 18:15 . 2010-01-28 18:15 -------- d-----w- c:\documents and settings\Kelly\Application Data\InterVideo
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-01-27 01:24 . 2010-01-30 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-27 01:24 . 2010-01-27 01:24 -------- d-----w- c:\program files\Common Files\iS3
2010-01-27 00:44 . 2010-01-27 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-01-26 22:12 . 2010-01-26 22:12 0 ----a-w- c:\windows\system32\16827.exe
2010-01-26 21:12 . 2010-01-26 21:12 0 ----a-w- c:\windows\system32\5705.exe
2010-01-26 20:31 . 2010-01-26 20:31 0 ----a-w- c:\windows\system32\26962.exe
2010-01-26 20:11 . 2010-01-26 20:11 0 ----a-w- c:\windows\system32\29358.exe
2010-01-26 19:51 . 2010-01-27 00:36 0 ----a-w- c:\windows\system32\11478.exe
2010-01-26 18:51 . 2010-01-26 23:36 0 ----a-w- c:\windows\system32\26500.exe
2010-01-26 18:31 . 2010-01-27 01:24 0 ----a-w- c:\windows\system32\6334.exe
2010-01-26 16:19 . 2010-01-27 01:04 0 ----a-w- c:\windows\system32\18467.exe
2010-01-25 22:24 . 2010-01-26 21:52 0 ----a-w- c:\windows\system32\23281.exe
2010-01-25 22:04 . 2010-01-26 21:32 0 ----a-w- c:\windows\system32\28145.exe
2010-01-25 21:23 . 2010-01-26 20:52 0 ----a-w- c:\windows\system32\24464.exe
2010-01-25 19:42 . 2010-01-26 23:56 0 ----a-w- c:\windows\system32\19169.exe
2010-01-25 17:29 . 2010-01-25 17:29 -------- d-sh--w- c:\documents and settings\Kelly\IECompatCache
2010-01-24 21:43 . 2010-01-24 21:43 -------- d-----w- C:\ProgramData
2010-01-24 21:43 . 2010-01-24 21:43 -------- d-----w- c:\program files\Angle Interactive
2010-01-24 19:59 . 2009-11-09 19:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-24 19:59 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-24 19:58 . 2009-09-03 17:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-24 19:58 . 2010-01-24 19:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-24 19:58 . 2010-01-24 19:58 -------- d-----w- c:\documents and settings\Kelly\Application Data\PC Tools
2010-01-24 19:58 . 2010-01-24 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-24 19:57 . 2010-01-27 01:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-24 19:03 . 2010-01-27 00:16 0 ----a-w- c:\windows\system32\15724.exe
2010-01-24 17:21 . 2010-01-24 17:21 -------- d-----w- C:\spoolerlogs
2010-01-22 16:54 . 2010-01-22 16:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Leadertech
2010-01-22 15:47 . 2010-01-23 16:20 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-22 15:37 . 2010-01-27 17:47 16700 ----a-w- c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
2010-01-21 03:42 . 2010-01-27 00:44 1020 ----a-w- c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
2010-01-20 06:29 . 2010-01-20 06:29 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Apple
2010-01-18 07:09 . 2010-01-18 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-17 03:25 . 2010-01-17 03:25 -------- d-----w- c:\windows\system32\Service
2010-01-17 01:44 . 2010-01-17 01:44 -------- d-----w- c:\program files\Alwil Software
2010-01-16 16:49 . 2009-11-25 21:02 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-01-16 04:21 . 2010-01-16 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-15 19:40 . 2010-01-26 22:15 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-15 19:40 . 2010-01-15 19:40 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-15 19:40 . 2010-01-15 19:40 -------- d-----w- c:\program files\AVG
2010-01-15 19:40 . 2010-01-26 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-15 02:28 . 2010-01-15 02:28 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Adobe
2010-01-15 02:21 . 2010-01-15 02:21 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Mozilla
2010-01-15 01:05 . 2010-01-15 01:05 67376 ----a-w- c:\documents and settings\Kelly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-14 02:51 . 2010-01-14 02:51 -------- d-----w- c:\documents and settings\Kelly\Application Data\AVG8
2010-01-14 02:21 . 2010-01-14 02:21 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\ArcSoft
2010-01-14 02:21 . 2010-01-14 02:21 -------- d-----w- c:\documents and settings\Kelly\Application Data\Logitech
2010-01-14 02:21 . 2010-01-14 02:21 -------- d-----w- c:\documents and settings\Kelly\Application Data\ArcSoft
2010-01-14 02:21 . 2010-01-14 02:21 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Scansoft
2010-01-14 01:58 . 2010-01-14 01:58 -------- d-----w- c:\program files\CCleaner
2010-01-14 00:25 . 2010-01-14 00:25 -------- d-----w- c:\documents and settings\Jeff Pease\Application Data\AVG8
2010-01-12 14:50 . 2010-01-12 14:50 0 ----a-w- c:\windows\system32\5436.exe
2010-01-12 14:30 . 2010-01-12 14:30 166 ----a-w- c:\windows\system32\4827.exe
2010-01-12 14:10 . 2010-01-12 14:10 0 ----a-w- c:\windows\system32\11942.exe
2010-01-12 07:35 . 2010-01-12 13:50 0 ----a-w- c:\windows\system32\2995.exe
2010-01-12 07:15 . 2010-01-12 13:30 0 ----a-w- c:\windows\system32\491.exe
2010-01-12 06:55 . 2010-01-24 22:08 30720 ----a-w- c:\windows\system32\9961.exe
2010-01-11 21:41 . 2010-01-22 16:31 67376 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-11 21:38 . 2010-01-11 21:38 56 --sh--r- c:\windows\system32\0DE8C8C0E8.sys
2010-01-11 21:36 . 2005-04-10 10:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LightScribe
2010-01-11 21:36 . 2005-04-10 10:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2010-01-11 21:36 . 2005-04-10 10:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-01-11 21:36 . 2005-04-10 10:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-01-11 21:36 . 2005-04-10 09:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
2010-01-11 21:36 . 2010-01-22 16:43 -------- d-----w- c:\documents and settings\Administrator
2010-01-09 23:47 . 2010-01-09 23:47 137 ----a-w- c:\windows\tsiwinfile.dat
2010-01-09 23:47 . 2010-01-09 23:47 -------- d-----w- c:\windows\AntiSpy
2010-01-09 17:21 . 2010-01-09 23:33 -------- d-----w- c:\program files\Defender Pro
2010-01-09 01:04 . 2010-01-09 01:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 05:23 . 2009-12-30 19:47 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-02-04 03:49 . 2006-06-17 06:36 -------- d-----w- c:\program files\Corel
2010-02-04 03:30 . 2006-11-22 21:31 -------- d-----w- c:\program files\TextAloud
2010-02-04 03:30 . 2005-04-10 09:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 03:18 . 2006-11-15 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-01-31 18:26 . 2004-08-04 00:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-30 16:05 . 2010-01-30 16:04 512 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-01-14 21:55 . 2006-06-17 06:38 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-14 21:55 . 2006-06-17 16:09 56 --sh--r- c:\windows\system32\F1D8621EC7.sys
2010-01-14 02:37 . 2005-04-10 10:04 -------- d-----w- c:\program files\Google
2010-01-14 02:20 . 2010-01-14 02:20 -------- d-----w- c:\documents and settings\Kelly\Application Data\Yahoo!
2010-01-14 02:15 . 2006-06-18 03:26 -------- d-----w- c:\program files\Acoustica DJ Twist And Burn
2010-01-14 02:10 . 2006-02-09 05:32 -------- d-----w- c:\program files\Common Files\Intuit
2010-01-14 02:07 . 2006-03-18 14:47 -------- d-----w- c:\program files\IncrediMail
2010-01-13 19:43 . 2009-12-30 17:57 -------- d-----w- c:\documents and settings\Jeff Pease\Application Data\Yahoo!
2010-01-11 21:38 . 2010-01-11 21:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel
2010-01-04 04:15 . 2009-12-30 19:47 -------- d-----w- c:\documents and settings\Jeff Pease\Application Data\ArcSoft
2010-01-03 02:19 . 2004-08-07 13:10 83187 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-30 20:19 . 2009-12-30 20:19 -------- d-----w- c:\documents and settings\Jeff Pease\Application Data\KodakCredentialStore
2009-12-30 19:50 . 2006-03-29 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-12-30 19:47 . 2009-12-30 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-12-30 19:47 . 2009-12-30 19:45 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-12-30 19:45 . 2009-12-30 19:45 -------- d-----w- c:\program files\ArcSoft
2009-12-30 19:44 . 2006-03-29 12:50 -------- d-----w- c:\program files\Kodak
2009-12-30 19:42 . 2009-12-30 19:42 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\bindbins\BindBins.exe
2009-12-30 19:42 . 2009-12-30 19:42 62976 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\content\setup.exe
2009-12-30 19:41 . 2009-12-30 19:41 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\app\setup.exe
2009-12-30 19:41 . 2009-12-30 19:41 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\SysFiles\kb945060\kb945060.exe
2009-12-30 19:40 . 2009-12-30 19:40 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_5a58e\EasyShrx.Dll
2009-12-30 19:07 . 2006-03-29 12:53 -------- d-----w- c:\program files\Common Files\Kodak
2009-12-30 18:44 . 2009-12-30 18:44 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_378949\EasyShrx.Dll
2009-12-30 18:44 . 2009-12-30 18:44 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.20.1.dll
2009-12-30 17:57 . 2006-03-03 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-12-30 17:57 . 2009-12-30 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-12-30 17:57 . 2006-03-03 19:34 -------- d-----w- c:\program files\Yahoo!
2009-12-24 22:23 . 2009-12-24 22:22 -------- d-----w- c:\program files\iTunes
2009-12-24 22:23 . 2009-12-24 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-12-24 22:21 . 2009-06-09 00:03 -------- d-----w- c:\program files\Bonjour
2009-12-24 22:20 . 2006-05-10 21:54 -------- d-----w- c:\program files\QuickTime
2009-12-24 22:19 . 2005-04-10 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-24 22:17 . 2009-06-08 23:57 -------- d-----w- c:\program files\Apple Software Update
2009-12-24 22:16 . 2009-12-24 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-21 19:14 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 02:14 . 2006-02-10 06:29 73720 ----a-w- c:\documents and settings\Jeff Pease\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-11-28 19:12 . 2008-01-06 06:08 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:12 . 2008-01-06 06:08 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:12 . 2008-01-06 06:08 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:12 . 2008-01-06 06:08 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:12 . 2008-01-06 06:08 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-12-21 1803064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-08 180269]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-27 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-22 155648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"DuelTray"="c:\program files\Duel Systems\DuelAdapter\DuelTray.exe" [2007-03-12 69632]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_NONE 53004200420044002e0065007800650020002f00640020005c004400650076006900630065005c0048006100720064006400690073006b0056006f006c0075006d00650031005c00500072006f006700720061006d002000460069006c00650073005c00530075006e00620065006c007400200053006f006600740077006100720065005c00560049005000520045005c0044006500660069006e006900740069006f006e00730000000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=3 (0x3)
"iPodService"=3 (0x3)
"SymWSC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ISSVC"=2 (0x2)
"gusvc"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"GoogleDesktopManager-110309-193829"=3 (0x3)
"EPSON_PM_RPCV4_01"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/11/2008 4:43 PM 10640]
R3 cpuz126;cpuz126;c:\program files\Duel Systems\DuelAdapter\cpuz.sys [12/14/2006 1:00 PM 7808]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/3/2010 8:03 PM 38224]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 DuelService;DuelAdapter Support Service;c:\program files\Duel Systems\DuelAdapter\DuelService.exe [3/11/2007 9:09 PM 106496]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/16/2009 5:21 PM 135664]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/15/2010 11:40 AM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/15/2010 11:40 AM 30104]
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\drivers\kwusb2k.sys [1/24/2006 1:42 AM 29952]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [12/27/2007 8:45 AM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [12/27/2007 8:45 AM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [12/27/2007 8:45 AM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [12/27/2007 8:45 AM 59520]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBAMSWISSARMY
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: vlsp.dll
Trusted Zone: facebook.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\d1t5y9w6.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe
HKCU-Run-CyberDefender Early Detection Center - c:\program files\CyberDefender\AntiSpyware\cdasbe.exe
HKCU-Run-Weather - c:\progra~1\AWS\WEATHE~1\Weather.exe
HKLM-Run-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
HKLM-Run-smss32.exe - c:\windows\system32\smss32.exe
HKLM-Run-LaunchAntiSpy - c:\program files\DefenderPro\TSAntiSpy.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
HKLM-Run-SBRegRebootCleaner - c:\program files\Sunbelt Software\VIPRE\SBRC.exe
AddRemove-Easy-PhotoPrint - c:\program files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 21:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?8?9?4??????? ?,?B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x832E2856]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85a8f28
\Driver\ACPI -> ACPI.sys @ 0xf840bcb8
\Driver\atapi -> atapi.sys @ 0xf83a5852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf82b2bd4
PacketIndicateHandler -> NDIS.sys @ 0xf82a0a0d
SendHandler -> NDIS.sys @ 0xf82b4b40
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\WININET.dll
c:\windows\system32\vlsp.dll
.
Completion time: 2010-02-03 21:48
ComboFix-quarantined-files.txt 2010-02-04 05:48
Pre-Run: 58,392,756,224 bytes free
Post-Run: 59,212,808,192 bytes free
Current=1 Default=1 Failed=10 LastKnownGood=2 Sets=1,2,3,4,5,6,7,8,10
- - End Of File - - 6F8D69D857BC054DCAE96FDC5A1E374D
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.130 [GMT -8:00]
Running from: e:\computer software\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Kelly\LOCALS~1\Temp\install_flash_player.exe
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003\desktop.ini
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003\INFO2
c:\recycler\S-1-5-21-3288127050-197847358-126776011-1003
c:\recycler\S-1-5-21-3288127050-197847358-126776011-1003\desktop.ini
c:\recycler\S-1-5-21-3288127050-197847358-126776011-1003\INFO2
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mydll.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.
2010-02-04 04:03 . 2010-02-04 04:03 -------- d-----w- c:\documents and settings\Kelly\Application Data\Malwarebytes
2010-02-04 04:03 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 04:03 . 2010-02-04 04:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 04:03 . 2010-02-04 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-04 04:03 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 03:46 . 2010-02-04 03:46 -------- d-----w- c:\documents and settings\Kelly\Application Data\Skinux
2010-02-04 03:24 . 2010-02-04 03:24 -------- d-----w- c:\documents and settings\Kelly\Application Data\MSNInstaller
2010-02-04 03:12 . 2010-02-04 03:12 -------- d-----w- c:\documents and settings\Kelly\Application Data\Leadertech
2010-01-31 05:28 . 2010-02-04 03:04 104 ----a-w- c:\windows\system32\SBRC.dat
2010-01-31 05:24 . 2008-09-24 01:46 245408 ----a-w- c:\windows\system32\unicows.dll
2010-01-29 17:52 . 2010-01-29 17:52 -------- d-----w- c:\documents and settings\Jeff Pease\Application Data\Sunbelt
2010-01-28 18:15 . 2010-01-28 18:15 -------- d-----w- c:\documents and settings\Kelly\Application Data\InterVideo
2010-01-27 01:26 . 2010-01-27 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-01-27 01:24 . 2010-01-30 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-27 01:24 . 2010-01-27 01:24 -------- d-----w- c:\program files\Common Files\iS3
2010-01-27 00:44 . 2010-01-27 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-01-26 22:12 . 2010-01-26 22:12 0 ----a-w- c:\windows\system32\16827.exe
2010-01-26 21:12 . 2010-01-26 21:12 0 ----a-w- c:\windows\system32\5705.exe
2010-01-26 20:31 . 2010-01-26 20:31 0 ----a-w- c:\windows\system32\26962.exe
2010-01-26 20:11 . 2010-01-26 20:11 0 ----a-w- c:\windows\system32\29358.exe
2010-01-26 19:51 . 2010-01-27 00:36 0 ----a-w- c:\windows\system32\11478.exe
2010-01-26 18:51 . 2010-01-26 23:36 0 ----a-w- c:\windows\system32\26500.exe
2010-01-26 18:31 . 2010-01-27 01:24 0 ----a-w- c:\windows\system32\6334.exe
2010-01-26 16:19 . 2010-01-27 01:04 0 ----a-w- c:\windows\system32\18467.exe
2010-01-25 22:24 . 2010-01-26 21:52 0 ----a-w- c:\windows\system32\23281.exe
2010-01-25 22:04 . 2010-01-26 21:32 0 ----a-w- c:\windows\system32\28145.exe
2010-01-25 21:23 . 2010-01-26 20:52 0 ----a-w- c:\windows\system32\24464.exe
2010-01-25 19:42 . 2010-01-26 23:56 0 ----a-w- c:\windows\system32\19169.exe
2010-01-25 17:29 . 2010-01-25 17:29 -------- d-sh--w- c:\documents and settings\Kelly\IECompatCache
2010-01-24 21:43 . 2010-01-24 21:43 -------- d-----w- C:\ProgramData
2010-01-24 21:43 . 2010-01-24 21:43 -------- d-----w- c:\program files\Angle Interactive
2010-01-24 19:59 . 2009-11-09 19:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-24 19:59 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-24 19:58 . 2009-09-03 17:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-24 19:58 . 2010-01-24 19:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-24 19:58 . 2010-01-24 19:58 -------- d-----w- c:\documents and settings\Kelly\Application Data\PC Tools
2010-01-24 19:58 . 2010-01-24 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-24 19:57 . 2010-01-27 01:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-24 19:03 . 2010-01-27 00:16 0 ----a-w- c:\windows\system32\15724.exe
2010-01-24 17:21 . 2010-01-24 17:21 -------- d-----w- C:\spoolerlogs
2010-01-22 16:54 . 2010-01-22 16:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Leadertech
2010-01-22 15:47 . 2010-01-23 16:20 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-22 15:37 . 2010-01-27 17:47 16700 ----a-w- c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
2010-01-21 03:42 . 2010-01-27 00:44 1020 ----a-w- c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
2010-01-20 06:29 . 2010-01-20 06:29 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Apple
2010-01-18 07:09 . 2010-01-18 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-17 03:25 . 2010-01-17 03:25 -------- d-----w- c:\windows\system32\Service
2010-01-17 01:44 . 2010-01-17 01:44 -------- d-----w- c:\program files\Alwil Software
2010-01-16 16:49 . 2009-11-25 21:02 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-01-16 04:21 . 2010-01-16 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-15 19:40 . 2010-01-26 22:15 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-15 19:40 . 2010-01-15 19:40 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-15 19:40 . 2010-01-15 19:40 -------- d-----w- c:\program files\AVG
2010-01-15 19:40 . 2010-01-26 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-15 02:28 . 2010-01-15 02:28 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Adobe
2010-01-15 02:21 . 2010-01-15 02:21 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Mozilla
2010-01-15 01:05 . 2010-01-15 01:05 67376 ----a-w- c:\documents and settings\Kelly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-14 02:51 . 2010-01-14 02:51 -------- d-----w- c:\documents and settings\Kelly\Application Data\AVG8
2010-01-14 02:21 . 2010-01-14 02:21 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\ArcSoft
2010-01-14 02:21 . 2010-01-14 02:21 -------- d-----w- c:\documents and settings\Kelly\Application Data\Logitech
2010-01-14 02:21 . 2010-01-14 02:21 -------- d-----w- c:\documents and settings\Kelly\Application Data\ArcSoft
2010-01-14 02:21 . 2010-01-14 02:21 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Scansoft
2010-01-14 01:58 . 2010-01-14 01:58 -------- d-----w- c:\program files\CCleaner
2010-01-14 00:25 . 2010-01-14 00:25 -------- d-----w- c:\documents and settings\Jeff Pease\Application Data\AVG8
2010-01-12 14:50 . 2010-01-12 14:50 0 ----a-w- c:\windows\system32\5436.exe
2010-01-12 14:30 . 2010-01-12 14:30 166 ----a-w- c:\windows\system32\4827.exe
2010-01-12 14:10 . 2010-01-12 14:10 0 ----a-w- c:\windows\system32\11942.exe
2010-01-12 07:35 . 2010-01-12 13:50 0 ----a-w- c:\windows\system32\2995.exe
2010-01-12 07:15 . 2010-01-12 13:30 0 ----a-w- c:\windows\system32\491.exe
2010-01-12 06:55 . 2010-01-24 22:08 30720 ----a-w- c:\windows\system32\9961.exe
2010-01-11 21:41 . 2010-01-22 16:31 67376 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-11 21:38 . 2010-01-11 21:38 56 --sh--r- c:\windows\system32\0DE8C8C0E8.sys
2010-01-11 21:36 . 2005-04-10 10:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LightScribe
2010-01-11 21:36 . 2005-04-10 10:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2010-01-11 21:36 . 2005-04-10 10:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-01-11 21:36 . 2005-04-10 10:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-01-11 21:36 . 2005-04-10 09:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
2010-01-11 21:36 . 2010-01-22 16:43 -------- d-----w- c:\documents and settings\Administrator
2010-01-09 23:47 . 2010-01-09 23:47 137 ----a-w- c:\windows\tsiwinfile.dat
2010-01-09 23:47 . 2010-01-09 23:47 -------- d-----w- c:\windows\AntiSpy
2010-01-09 17:21 . 2010-01-09 23:33 -------- d-----w- c:\program files\Defender Pro
2010-01-09 01:04 . 2010-01-09 01:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 05:23 . 2009-12-30 19:47 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-02-04 03:49 . 2006-06-17 06:36 -------- d-----w- c:\program files\Corel
2010-02-04 03:30 . 2006-11-22 21:31 -------- d-----w- c:\program files\TextAloud
2010-02-04 03:30 . 2005-04-10 09:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 03:18 . 2006-11-15 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-01-31 18:26 . 2004-08-04 00:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-30 16:05 . 2010-01-30 16:04 512 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-01-14 21:55 . 2006-06-17 06:38 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-14 21:55 . 2006-06-17 16:09 56 --sh--r- c:\windows\system32\F1D8621EC7.sys
2010-01-14 02:37 . 2005-04-10 10:04 -------- d-----w- c:\program files\Google
2010-01-14 02:20 . 2010-01-14 02:20 -------- d-----w- c:\documents and settings\Kelly\Application Data\Yahoo!
2010-01-14 02:15 . 2006-06-18 03:26 -------- d-----w- c:\program files\Acoustica DJ Twist And Burn
2010-01-14 02:10 . 2006-02-09 05:32 -------- d-----w- c:\program files\Common Files\Intuit
2010-01-14 02:07 . 2006-03-18 14:47 -------- d-----w- c:\program files\IncrediMail
2010-01-13 19:43 . 2009-12-30 17:57 -------- d-----w- c:\documents and settings\Jeff Pease\Application Data\Yahoo!
2010-01-11 21:38 . 2010-01-11 21:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel
2010-01-04 04:15 . 2009-12-30 19:47 -------- d-----w- c:\documents and settings\Jeff Pease\Application Data\ArcSoft
2010-01-03 02:19 . 2004-08-07 13:10 83187 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-30 20:19 . 2009-12-30 20:19 -------- d-----w- c:\documents and settings\Jeff Pease\Application Data\KodakCredentialStore
2009-12-30 19:50 . 2006-03-29 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-12-30 19:47 . 2009-12-30 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-12-30 19:47 . 2009-12-30 19:45 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-12-30 19:45 . 2009-12-30 19:45 -------- d-----w- c:\program files\ArcSoft
2009-12-30 19:44 . 2006-03-29 12:50 -------- d-----w- c:\program files\Kodak
2009-12-30 19:42 . 2009-12-30 19:42 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\bindbins\BindBins.exe
2009-12-30 19:42 . 2009-12-30 19:42 62976 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\content\setup.exe
2009-12-30 19:41 . 2009-12-30 19:41 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\app\setup.exe
2009-12-30 19:41 . 2009-12-30 19:41 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\SysFiles\kb945060\kb945060.exe
2009-12-30 19:40 . 2009-12-30 19:40 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_5a58e\EasyShrx.Dll
2009-12-30 19:07 . 2006-03-29 12:53 -------- d-----w- c:\program files\Common Files\Kodak
2009-12-30 18:44 . 2009-12-30 18:44 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_378949\EasyShrx.Dll
2009-12-30 18:44 . 2009-12-30 18:44 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.20.1.dll
2009-12-30 17:57 . 2006-03-03 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-12-30 17:57 . 2009-12-30 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-12-30 17:57 . 2006-03-03 19:34 -------- d-----w- c:\program files\Yahoo!
2009-12-24 22:23 . 2009-12-24 22:22 -------- d-----w- c:\program files\iTunes
2009-12-24 22:23 . 2009-12-24 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-12-24 22:21 . 2009-06-09 00:03 -------- d-----w- c:\program files\Bonjour
2009-12-24 22:20 . 2006-05-10 21:54 -------- d-----w- c:\program files\QuickTime
2009-12-24 22:19 . 2005-04-10 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-24 22:17 . 2009-06-08 23:57 -------- d-----w- c:\program files\Apple Software Update
2009-12-24 22:16 . 2009-12-24 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-21 19:14 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 02:14 . 2006-02-10 06:29 73720 ----a-w- c:\documents and settings\Jeff Pease\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-11-28 19:12 . 2008-01-06 06:08 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:12 . 2008-01-06 06:08 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:12 . 2008-01-06 06:08 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:12 . 2008-01-06 06:08 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:12 . 2008-01-06 06:08 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-12-21 1803064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-04-08 180269]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-27 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-22 155648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"DuelTray"="c:\program files\Duel Systems\DuelAdapter\DuelTray.exe" [2007-03-12 69632]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_NONE 53004200420044002e0065007800650020002f00640020005c004400650076006900630065005c0048006100720064006400690073006b0056006f006c0075006d00650031005c00500072006f006700720061006d002000460069006c00650073005c00530075006e00620065006c007400200053006f006600740077006100720065005c00560049005000520045005c0044006500660069006e006900740069006f006e00730000000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=3 (0x3)
"iPodService"=3 (0x3)
"SymWSC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ISSVC"=2 (0x2)
"gusvc"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"GoogleDesktopManager-110309-193829"=3 (0x3)
"EPSON_PM_RPCV4_01"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/11/2008 4:43 PM 10640]
R3 cpuz126;cpuz126;c:\program files\Duel Systems\DuelAdapter\cpuz.sys [12/14/2006 1:00 PM 7808]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/3/2010 8:03 PM 38224]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 DuelService;DuelAdapter Support Service;c:\program files\Duel Systems\DuelAdapter\DuelService.exe [3/11/2007 9:09 PM 106496]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/16/2009 5:21 PM 135664]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/15/2010 11:40 AM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/15/2010 11:40 AM 30104]
S3 kwkxusb;Kyocera CDMA Wireless Modem Driver;c:\windows\system32\drivers\kwusb2k.sys [1/24/2006 1:42 AM 29952]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [12/27/2007 8:45 AM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [12/27/2007 8:45 AM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [12/27/2007 8:45 AM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [12/27/2007 8:45 AM 59520]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBAMSWISSARMY
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: vlsp.dll
Trusted Zone: facebook.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\d1t5y9w6.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe
HKCU-Run-CyberDefender Early Detection Center - c:\program files\CyberDefender\AntiSpyware\cdasbe.exe
HKCU-Run-Weather - c:\progra~1\AWS\WEATHE~1\Weather.exe
HKLM-Run-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
HKLM-Run-smss32.exe - c:\windows\system32\smss32.exe
HKLM-Run-LaunchAntiSpy - c:\program files\DefenderPro\TSAntiSpy.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
HKLM-Run-SBRegRebootCleaner - c:\program files\Sunbelt Software\VIPRE\SBRC.exe
AddRemove-Easy-PhotoPrint - c:\program files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 21:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????8?8?9?4??????? ?,?B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x832E2856]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85a8f28
\Driver\ACPI -> ACPI.sys @ 0xf840bcb8
\Driver\atapi -> atapi.sys @ 0xf83a5852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf82b2bd4
PacketIndicateHandler -> NDIS.sys @ 0xf82a0a0d
SendHandler -> NDIS.sys @ 0xf82b4b40
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\WININET.dll
c:\windows\system32\vlsp.dll
.
Completion time: 2010-02-03 21:48
ComboFix-quarantined-files.txt 2010-02-04 05:48
Pre-Run: 58,392,756,224 bytes free
Post-Run: 59,212,808,192 bytes free
Current=1 Default=1 Failed=10 LastKnownGood=2 Sets=1,2,3,4,5,6,7,8,10
- - End Of File - - 6F8D69D857BC054DCAE96FDC5A1E374D
#14
- Full Member
-
- Group: Member+
- Posts: 25
- Joined: 05-December 09
Posted 09 February 2010 - 09:59 AM
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-08 21:55:08
Windows 5.1.2600 Service Pack 3
Running: z91m709t.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pwloifob.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF85A487E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF85A4C10]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF7C69ABF]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTeecbnrsbvp.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTeecbnrsbvp.dll
---- EOF - GMER 1.0.15 ----
Rootkit scan 2010-02-08 21:55:08
Windows 5.1.2600 Service Pack 3
Running: z91m709t.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pwloifob.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF85A487E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF85A4C10]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF7C69ABF]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTeecbnrsbvp.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTgwrqrdymyb.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTltpwakyavb.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTuwtitablqt.dat
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTvpqmujenjk.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTdbosntydov.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTeecbnrsbvp.dll
---- EOF - GMER 1.0.15 ----
#15
- Full Member
-
- Group: Member+
- Posts: 25
- Joined: 05-December 09
Posted 09 February 2010 - 10:04 AM
Safe mode seems to be working just fine although the internet doesn't seem to be working in that mode at all when set to networking. I did the system file checker and it did nothing after it got done scanning. I'm assuming that's a good thing. Only problem is when the comp is started up in normal boot, after the windows loading page, a page comes up saying "/systemroot/.../Autochk.exe program not found skipping...". I'm not sure how important that is, but the wireless still isn't working.
I was wondering if you thought a destructive recovery would be advisable once the CD gets here?
I was wondering if you thought a destructive recovery would be advisable once the CD gets here?