Jump to content

Bdr187

Honorary Members
  • Posts

    32
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Things seem to be working better, haven't encountered any problems.
  2. ComboFix 11-03-13.02 - Administrator 03/14/2011 12:39:31.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.637 [GMT -4:00] Running from: c:\documents and settings\administrator.AUCTIONINN\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\administrator.AUCTIONINN\Desktop\CFScript.txt . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\ADMINI~1.AUC\LOCALS~1\Temp\IadHide5.dll c:\documents and settings\administrator.AUCTIONINN\Local Settings\temp\IadHide5.dll . . --------------- FCopy --------------- . c:\windows\ServicePackFiles\i386\sfcfiles.dll --> c:\windows\System32\sfcfiles.dll . ((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 ))))))))))))))))))))))))))))))) . . 2011-03-14 16:39 . 2008-04-14 10:42 1614848 ----a-w- c:\windows\system32\sfcfiles.dll 2011-03-13 01:45 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-03-13 01:42 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-03-12 05:20 . 2011-03-12 05:20 431144 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe 2011-03-12 05:19 . 2011-03-12 05:19 46456 ----a-w- c:\program files\Mozilla Firefox\components\spellchk.dll 2011-03-12 05:19 . 2011-03-12 05:19 34688 ----a-w- c:\program files\Mozilla Firefox\components\myspell.dll 2011-03-12 04:12 . 2011-03-12 05:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE} 2011-03-12 04:09 . 2011-03-12 05:51 -------- d-----w- c:\program files\Lavasoft 2011-03-12 04:09 . 2011-03-12 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2011-03-12 03:30 . 2011-03-12 03:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp 2011-03-11 17:06 . 2011-03-11 17:06 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\Auslogics 2011-03-11 17:05 . 2011-03-11 17:05 -------- d-----w- c:\program files\Auslogics 2011-03-11 16:53 . 2011-03-11 16:53 -------- d-----w- c:\program files\WinMend 2011-03-10 18:11 . 2011-03-10 18:11 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-03-10 17:46 . 2011-03-10 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-03-10 17:29 . 2011-03-12 04:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer 2011-03-10 17:29 . 2011-03-10 17:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer 2011-03-10 17:27 . 2011-03-10 17:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-03-08 20:43 . 2011-03-08 20:43 -------- d-----w- c:\program files\Yontoo Layers Client 2011-03-08 19:46 . 2011-03-08 19:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-03-08 19:46 . 2011-03-08 19:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM 2011-03-04 15:06 . 2011-03-04 15:06 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\oovootb 2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\Malwarebytes 2011-03-03 18:53 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-03 18:53 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-09 13:53 . 2004-08-04 08:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58 . 2004-08-04 08:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2004-08-04 08:00 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2004-08-04 08:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-04 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-04 08:00 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:59 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec 2011-03-12 05:19 . 2006-09-25 20:42 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2011-03-12 05:19 . 2006-09-25 20:42 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2011-03-12 05:19 . 2011-03-12 05:19 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2011-03-12 05:19 . 2011-03-12 05:19 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2011-03-12 05:19 . 2006-09-25 20:42 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-01 36864] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-19 233534] "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960] "LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-02 274608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-21 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-21 126976] . c:\documents and settings\milzyc\Start Menu\Programs\Startup\ VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [N/A] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-7-1 196608] . [HKLM\~\startupfolder\C:^Documents and Settings^administrator.AUCTIONINN^Start Menu^Programs^Startup^Dora the Explorer_ Dance to the Rescue Registration.lnk] path=c:\documents and settings\administrator.AUCTIONINN\Start Menu\Programs\Startup\Dora the Explorer_ Dance to the Rescue Registration.lnk backup=c:\windows\pss\Dora the Explorer_ Dance to the Rescue Registration.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^administrator.AUCTIONINN^Start Menu^Programs^Startup^VZAccess Manager.lnk] path=c:\documents and settings\administrator.AUCTIONINN\Start Menu\Programs\Startup\VZAccess Manager.lnk backup=c:\windows\pss\VZAccess Manager.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-06-21 02:36 1207080 ----a-w- c:\progra~1\MICROS~3\wcescomm.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443 "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675 . R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/3/2004 12:26 PM 80384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 2:49 PM 135664] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [12/5/2006 11:12 AM 55344] S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [12/5/2006 11:12 AM 9200] S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [12/5/2006 11:12 AM 89936] S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [12/5/2006 11:12 AM 9472] S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [12/5/2006 11:12 AM 69632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2010-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] . 2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:49] . 2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:49] . 2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1143423117-2145742611-1760610739-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-269360215-3030256761-234219110-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2010-11-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2011-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1143423117-2145742611-1760610739-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2011-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-269360215-3030256761-234219110-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2011-03-14 c:\windows\Tasks\User_Feed_Synchronization-{E740A38F-31CF-4AF5-B20A-4EF5A1D69451}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ask.com?o=14196&l=dis uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\administrator.AUCTIONINN\Application Data\Mozilla\Firefox\Profiles\f0bc7g4u.default\ FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= FF - user.js: browser.search.order.1 - Search FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-14 12:59 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?6?7?6??????? ?4?B?????????????hLC? ?????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2860) c:\windows\system32\WININET.dll c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll c:\docume~1\ADMINI~1.AUC\LOCALS~1\Temp\IadHide5.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\AGRSMMSG.exe c:\program files\HPQ\SHARED\HPQWMI.exe c:\program files\Microsoft ActiveSync\wcescomm.exe c:\progra~1\MICROS~3\rapimgr.exe c:\program files\Logitech\QuickCam10\COCIManager.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-03-14 13:08:17 - machine was rebooted ComboFix-quarantined-files.txt 2011-03-14 17:08 ComboFix2.txt 2011-03-14 02:00 ComboFix3.txt 2011-03-14 01:20 . Pre-Run: 14,801,928,192 bytes free Post-Run: 14,734,897,152 bytes free . - - End Of File - - C9D44C59CA14BC77AFBC26AE04A13D18
  3. ComboFix 11-03-12.01 - Administrator 03/13/2011 21:33:00.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.625 [GMT -4:00] Running from: c:\documents and settings\administrator.AUCTIONINN\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\administrator.AUCTIONINN\Desktop\CFScript.txt . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\ADMINI~1.AUC\LOCALS~1\Temp\IadHide5.dll c:\documents and settings\administrator.AUCTIONINN\Local Settings\Temp\IadHide5.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_mjju . . ((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 ))))))))))))))))))))))))))))))) . . 2011-03-13 01:45 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-03-13 01:42 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-03-12 05:20 . 2011-03-12 05:20 431144 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe 2011-03-12 05:19 . 2011-03-12 05:19 46456 ----a-w- c:\program files\Mozilla Firefox\components\spellchk.dll 2011-03-12 05:19 . 2011-03-12 05:19 34688 ----a-w- c:\program files\Mozilla Firefox\components\myspell.dll 2011-03-12 04:12 . 2011-03-12 05:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE} 2011-03-12 04:09 . 2011-03-12 05:51 -------- d-----w- c:\program files\Lavasoft 2011-03-12 04:09 . 2011-03-12 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2011-03-12 03:30 . 2011-03-12 03:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp 2011-03-11 17:06 . 2011-03-11 17:06 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\Auslogics 2011-03-11 17:05 . 2011-03-11 17:05 -------- d-----w- c:\program files\Auslogics 2011-03-11 16:53 . 2011-03-11 16:53 -------- d-----w- c:\program files\WinMend 2011-03-10 18:11 . 2011-03-10 18:11 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-03-10 17:46 . 2011-03-10 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-03-10 17:29 . 2011-03-12 04:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer 2011-03-10 17:29 . 2011-03-10 17:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer 2011-03-10 17:27 . 2011-03-10 17:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-03-08 20:43 . 2011-03-08 20:43 -------- d-----w- c:\program files\Yontoo Layers Client 2011-03-08 19:46 . 2011-03-08 19:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-03-08 19:46 . 2011-03-08 19:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM 2011-03-04 15:06 . 2011-03-04 15:06 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\oovootb 2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\Malwarebytes 2011-03-03 18:53 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-03 18:53 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-09 13:53 . 2004-08-04 08:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58 . 2004-08-04 08:00 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2004-08-04 08:00 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2004-08-04 08:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09 . 2004-08-04 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2004-08-04 08:00 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:59 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec 2011-03-12 05:19 . 2006-09-25 20:42 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2011-03-12 05:19 . 2006-09-25 20:42 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2011-03-12 05:19 . 2011-03-12 05:19 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2011-03-12 05:19 . 2011-03-12 05:19 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2011-03-12 05:19 . 2006-09-25 20:42 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . . ------- Sigcheck ------- . [7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll [7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll . c:\windows\System32\sfcfiles.dll ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-01 36864] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-19 233534] "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960] "LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-02 274608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-21 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-21 126976] . c:\documents and settings\milzyc\Start Menu\Programs\Startup\ VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [N/A] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-7-1 196608] . [HKLM\~\startupfolder\C:^Documents and Settings^administrator.AUCTIONINN^Start Menu^Programs^Startup^Dora the Explorer_ Dance to the Rescue Registration.lnk] path=c:\documents and settings\administrator.AUCTIONINN\Start Menu\Programs\Startup\Dora the Explorer_ Dance to the Rescue Registration.lnk backup=c:\windows\pss\Dora the Explorer_ Dance to the Rescue Registration.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^administrator.AUCTIONINN^Start Menu^Programs^Startup^VZAccess Manager.lnk] path=c:\documents and settings\administrator.AUCTIONINN\Start Menu\Programs\Startup\VZAccess Manager.lnk backup=c:\windows\pss\VZAccess Manager.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-06-21 02:36 1207080 ----a-w- c:\progra~1\MICROS~3\wcescomm.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443 "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675 . R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/3/2004 12:26 PM 80384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 2:49 PM 135664] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [12/5/2006 11:12 AM 55344] S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [12/5/2006 11:12 AM 9200] S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [12/5/2006 11:12 AM 89936] S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [12/5/2006 11:12 AM 9472] S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [12/5/2006 11:12 AM 69632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2010-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] . 2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:49] . 2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:49] . 2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1143423117-2145742611-1760610739-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-269360215-3030256761-234219110-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2010-11-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2011-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1143423117-2145742611-1760610739-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2011-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-269360215-3030256761-234219110-500.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32] . 2011-03-14 c:\windows\Tasks\User_Feed_Synchronization-{E740A38F-31CF-4AF5-B20A-4EF5A1D69451}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ask.com?o=14196&l=dis uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\administrator.AUCTIONINN\Application Data\Mozilla\Firefox\Profiles\f0bc7g4u.default\ FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= FF - user.js: browser.search.order.1 - Search FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-13 21:52 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?6?7?6??????? ?4?B?????????????hLC? ?????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(8032) c:\windows\system32\WININET.dll c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll c:\docume~1\ADMINI~1.AUC\LOCALS~1\Temp\IadHide5.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\AGRSMMSG.exe c:\program files\HPQ\SHARED\HPQWMI.exe c:\program files\Microsoft ActiveSync\wcescomm.exe c:\progra~1\MICROS~3\rapimgr.exe c:\program files\Logitech\QuickCam10\COCIManager.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\imapi.exe . ************************************************************************** . Completion time: 2011-03-13 22:00:33 - machine was rebooted ComboFix-quarantined-files.txt 2011-03-14 02:00 ComboFix2.txt 2011-03-14 01:20 . Pre-Run: 14,962,786,304 bytes free Post-Run: 14,960,144,384 bytes free . - - End Of File - - 8CE23D9DE793B27E2052530340586D42
  4. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6043 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 3/13/2011 1:51:37 PM mbam-log-2011-03-13 (13-51-37).txt Scan type: Quick scan Objects scanned: 187815 Time elapsed: 41 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_11-03-05.01) - NTFSx86 Run by Administrator at 13:53:24.95 on Sun 03/13/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.545 [GMT -4:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Logitech\QuickCam10\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\administrator.AUCTIONINN\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.ask.com?o=14196&l=dis uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\admini~1.auc\applic~1\mozilla\firefox\profiles\f0bc7g4u.default\ FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBook.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBookDB.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpSmartSelect.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpSmartWebPrinting.dll . ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - Search FF - user.js: browser.search.order.1 - Search FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= ============= SERVICES / DRIVERS =============== . R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384] S0 mjju;mjju; [x] S0 qdtnrrvor;qdtnrrvor;c:\windows\system32\drivers\qdtnrrvor.sys [2010-11-23 0] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664] S2 Ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2006-12-5 55344] S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2006-12-5 9200] S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2006-12-5 89936] S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2006-12-5 9472] S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2006-12-5 69632] . =============== Created Last 30 ================ . 2011-03-13 01:45:47 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2011-03-13 01:44:47 55296 ----a-w- c:\windows\system32\SET7B.tmp 2011-03-13 01:44:39 1991680 ----a-w- c:\windows\system32\SET80.tmp 2011-03-13 01:44:34 916480 ----a-w- c:\windows\system32\SET75.tmp 2011-03-13 01:44:32 602112 ----a-w- c:\windows\system32\SET7C.tmp 2011-03-13 01:44:30 1210880 ----a-w- c:\windows\system32\SET76.tmp 2011-03-13 01:44:26 5961216 ----a-w- c:\windows\system32\SET7A.tmp 2011-03-13 01:42:08 45568 ------w- c:\windows\system32\dllcache\wab.exe 2011-03-12 05:20:20 431144 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe 2011-03-12 05:19:24 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2011-03-12 05:19:23 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2011-03-12 04:12:46 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE} 2011-03-12 04:09:50 -------- d-----w- c:\program files\Lavasoft 2011-03-11 17:06:50 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Auslogics 2011-03-11 17:05:05 -------- d-----w- c:\program files\Auslogics 2011-03-11 16:53:49 -------- d-----w- c:\program files\WinMend 2011-03-10 18:11:23 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-03-08 20:46:00 0 ----a-w- c:\windows\isopozadutodi.dll 2011-03-08 20:44:14 -------- d-----w- c:\program files\Search Toolbar 2011-03-08 20:43:50 -------- d-----w- c:\program files\Yontoo Layers Client 2011-03-08 20:43:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer 2011-03-08 19:44:24 0 ----a-w- c:\windows\upekifas.dll 2011-03-04 15:06:15 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\oovootb 2011-03-03 18:53:33 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Malwarebytes 2011-03-03 18:53:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-03 18:53:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-03-03 18:53:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-03 18:53:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-02 20:45:57 0 ----a-w- c:\windows\ayusoxiwuv.dll 2011-03-02 20:40:55 0 ----a-w- c:\windows\obohexopakenup.dll . ==================== Find3M ==================== . 2011-02-11 15:08:53 0 ----a-w- c:\windows\ezunopaf.dll 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 8462336 ----a-w- c:\windows\system32\SETB4.tmp 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\SETD3.tmp 2010-12-21 10:29:20 11080704 ----a-w- c:\windows\system32\SET82.tmp 2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec . ============= FINISH: 13:54:09.31 ===============
  5. Thank you for your help. Here are my logs: 2011/03/12 20:28:20.0546 2052 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/03/12 20:28:20.0562 2052 ================================================================================ 2011/03/12 20:28:20.0562 2052 SystemInfo: 2011/03/12 20:28:20.0562 2052 2011/03/12 20:28:20.0562 2052 OS Version: 5.1.2600 ServicePack: 3.0 2011/03/12 20:28:20.0562 2052 Product type: Workstation 2011/03/12 20:28:20.0562 2052 ComputerName: OPSHPLAPTOP 2011/03/12 20:28:20.0562 2052 UserName: Administrator 2011/03/12 20:28:20.0562 2052 Windows directory: C:\WINDOWS 2011/03/12 20:28:20.0562 2052 System windows directory: C:\WINDOWS 2011/03/12 20:28:20.0562 2052 Processor architecture: Intel x86 2011/03/12 20:28:20.0562 2052 Number of processors: 1 2011/03/12 20:28:20.0562 2052 Page size: 0x1000 2011/03/12 20:28:20.0562 2052 Boot type: Normal boot 2011/03/12 20:28:20.0562 2052 ================================================================================ 2011/03/12 20:28:20.0906 2052 Initialize success 2011/03/12 20:28:30.0859 0580 ================================================================================ 2011/03/12 20:28:30.0859 0580 Scan started 2011/03/12 20:28:30.0859 0580 Mode: Manual; 2011/03/12 20:28:30.0859 0580 ================================================================================ 2011/03/12 20:28:33.0640 0580 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/03/12 20:28:34.0250 0580 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/03/12 20:28:35.0359 0580 aeaudio (ad707942e4ccb28d77cee5ed989c9e55) C:\WINDOWS\system32\drivers\aeaudio.sys 2011/03/12 20:28:36.0187 0580 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/03/12 20:28:36.0953 0580 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/03/12 20:28:38.0140 0580 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2011/03/12 20:28:40.0953 0580 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/03/12 20:28:42.0109 0580 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/03/12 20:28:44.0625 0580 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/03/12 20:28:45.0593 0580 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/03/12 20:28:46.0765 0580 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/03/12 20:28:47.0328 0580 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/03/12 20:28:48.0031 0580 b57w2k (2fa609c3411ec5f77f42d0b04d304ae5) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/03/12 20:28:48.0656 0580 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/03/12 20:28:49.0796 0580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/03/12 20:28:50.0375 0580 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/03/12 20:28:51.0890 0580 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/03/12 20:28:52.0500 0580 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/03/12 20:28:53.0125 0580 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/03/12 20:28:54.0250 0580 ClntMgmt.sys (573da08641afc8d940e0431945867906) C:\WINDOWS\System32\Drivers\ClntMgmt.sys 2011/03/12 20:28:54.0781 0580 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/03/12 20:28:55.0859 0580 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/03/12 20:28:58.0078 0580 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/03/12 20:28:59.0140 0580 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/03/12 20:29:00.0312 0580 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/03/12 20:29:00.0921 0580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/03/12 20:29:01.0484 0580 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/03/12 20:29:02.0687 0580 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/03/12 20:29:03.0296 0580 drvmcdb (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys 2011/03/12 20:29:03.0875 0580 drvnddm (b295700e684ed1984db1d6be40354421) C:\WINDOWS\system32\drivers\drvnddm.sys 2011/03/12 20:29:04.0453 0580 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys 2011/03/12 20:29:05.0046 0580 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys 2011/03/12 20:29:05.0765 0580 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/03/12 20:29:06.0375 0580 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/03/12 20:29:07.0000 0580 FilterService (64795f5368272d034a108d34c0f4e44f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys 2011/03/12 20:29:07.0562 0580 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/03/12 20:29:08.0281 0580 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/03/12 20:29:08.0890 0580 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/03/12 20:29:09.0546 0580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/03/12 20:29:10.0156 0580 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/03/12 20:29:10.0750 0580 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/03/12 20:29:11.0343 0580 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/03/12 20:29:12.0015 0580 GTIPCI21 (7d074058804ad398f93ca0a08af83ff2) C:\WINDOWS\system32\DRIVERS\gtipci21.sys 2011/03/12 20:29:12.0640 0580 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/03/12 20:29:13.0859 0580 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/03/12 20:29:14.0437 0580 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/03/12 20:29:15.0046 0580 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/03/12 20:29:15.0796 0580 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/03/12 20:29:17.0609 0580 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/03/12 20:29:18.0656 0580 ialm (c600649ca5ba2a7c9b280e9f90c5db25) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/03/12 20:29:19.0750 0580 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/03/12 20:29:20.0828 0580 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/03/12 20:29:21.0359 0580 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/03/12 20:29:21.0968 0580 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/03/12 20:29:22.0703 0580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/03/12 20:29:23.0281 0580 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/03/12 20:29:23.0921 0580 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/03/12 20:29:24.0562 0580 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/03/12 20:29:25.0281 0580 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys 2011/03/12 20:29:25.0812 0580 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/03/12 20:29:26.0390 0580 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/03/12 20:29:26.0921 0580 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/03/12 20:29:27.0531 0580 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/03/12 20:29:28.0234 0580 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/03/12 20:29:28.0921 0580 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/03/12 20:29:31.0000 0580 LVcKap (2d0ab9d29e6b0c42cce955b5a8e0d62d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys 2011/03/12 20:29:33.0765 0580 LVMVDrv (a3963e3d997c3646e1d3338eb88a48e9) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys 2011/03/12 20:29:36.0250 0580 lvpopflt (2154ea3701f4f1f8f2ab7750b41f149b) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys 2011/03/12 20:29:37.0703 0580 LVPr2Mon (39c767bd6d99c23d28e71b6e0cba3129) C:\WINDOWS\system32\drivers\LVPr2Mon.sys 2011/03/12 20:29:38.0328 0580 lvselsus (6e59bc28a41f8a2b702d345a5604652f) C:\WINDOWS\system32\DRIVERS\lvselsus.sys 2011/03/12 20:29:39.0015 0580 LVUSBSta (6ad3f5275f117f08c12eab2233a9e3fb) C:\WINDOWS\system32\drivers\lvusbsta.sys 2011/03/12 20:29:40.0156 0580 LVUVC (b48e599a8cf96876760c7ee62c1352ec) C:\WINDOWS\system32\DRIVERS\lvuvc.sys 2011/03/12 20:29:41.0843 0580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/03/12 20:29:42.0453 0580 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/03/12 20:29:43.0015 0580 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/03/12 20:29:43.0546 0580 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/03/12 20:29:44.0140 0580 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/03/12 20:29:45.0515 0580 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/03/12 20:29:46.0406 0580 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/03/12 20:29:47.0187 0580 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/03/12 20:29:47.0812 0580 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/03/12 20:29:48.0343 0580 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/03/12 20:29:48.0953 0580 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/03/12 20:29:49.0531 0580 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/03/12 20:29:50.0250 0580 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/03/12 20:29:50.0875 0580 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/03/12 20:29:51.0453 0580 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/03/12 20:29:52.0203 0580 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/03/12 20:29:52.0890 0580 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/03/12 20:29:53.0421 0580 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/03/12 20:29:54.0078 0580 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/03/12 20:29:54.0687 0580 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/03/12 20:29:55.0312 0580 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/03/12 20:29:55.0890 0580 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/03/12 20:29:56.0515 0580 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/03/12 20:29:57.0218 0580 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/03/12 20:29:57.0843 0580 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/03/12 20:29:58.0703 0580 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/03/12 20:29:59.0625 0580 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/03/12 20:30:00.0265 0580 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/03/12 20:30:01.0015 0580 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/03/12 20:30:01.0687 0580 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/03/12 20:30:02.0453 0580 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/03/12 20:30:03.0093 0580 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/03/12 20:30:03.0656 0580 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/03/12 20:30:04.0296 0580 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/03/12 20:30:05.0343 0580 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/03/12 20:30:05.0921 0580 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/03/12 20:30:09.0562 0580 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/03/12 20:30:10.0281 0580 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/03/12 20:30:10.0859 0580 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/03/12 20:30:11.0437 0580 pwi_bus (0af65a778e8e3a651666ebb7f7ce7bfe) C:\WINDOWS\system32\DRIVERS\pwi_bus.sys 2011/03/12 20:30:12.0062 0580 pwi_mdfl (f6fd82b7e85290882e5ae1820ca2c447) C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys 2011/03/12 20:30:12.0703 0580 pwi_mdm (78765d89d30d9e4886b6f4580e6b1f67) C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys 2011/03/12 20:30:13.0343 0580 pwi_oflt (c671e19546554047c4ea8213695225a6) C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys 2011/03/12 20:30:13.0921 0580 pwi_serd (b1704382cf18b1ab3245537e5f7f9f23) C:\WINDOWS\system32\DRIVERS\pwi_serd.sys 2011/03/12 20:30:14.0531 0580 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/03/12 20:30:15.0109 0580 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys 2011/03/12 20:30:18.0953 0580 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/03/12 20:30:19.0531 0580 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 2011/03/12 20:30:20.0281 0580 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/03/12 20:30:20.0859 0580 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/03/12 20:30:21.0390 0580 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/03/12 20:30:22.0031 0580 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/03/12 20:30:22.0593 0580 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/03/12 20:30:23.0250 0580 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/03/12 20:30:24.0046 0580 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/03/12 20:30:24.0750 0580 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/03/12 20:30:25.0375 0580 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/03/12 20:30:26.0000 0580 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/03/12 20:30:26.0609 0580 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/03/12 20:30:27.0203 0580 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/03/12 20:30:27.0796 0580 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/03/12 20:30:28.0906 0580 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/03/12 20:30:29.0484 0580 SMCIRDA (a8eb0aa07632a4c936ff6f8eda5bdead) C:\WINDOWS\system32\DRIVERS\smcirda.sys 2011/03/12 20:30:30.0312 0580 smwdm (858934c454bdc6664c752bf0cd3eaeae) C:\WINDOWS\system32\drivers\smwdm.sys 2011/03/12 20:30:31.0046 0580 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 2011/03/12 20:30:32.0203 0580 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/03/12 20:30:32.0843 0580 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/03/12 20:30:33.0687 0580 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/03/12 20:30:34.0406 0580 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 2011/03/12 20:30:34.0968 0580 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 2011/03/12 20:30:35.0562 0580 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/03/12 20:30:36.0140 0580 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/03/12 20:30:36.0734 0580 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/03/12 20:30:39.0578 0580 SynTP (1dbc86da355b5db35174f862c110fd09) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2011/03/12 20:30:40.0234 0580 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/03/12 20:30:41.0015 0580 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/03/12 20:30:41.0843 0580 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/03/12 20:30:42.0453 0580 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/03/12 20:30:43.0062 0580 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/03/12 20:30:43.0609 0580 tfsnboio (2aceb9567639ff2db9d862104a80227a) C:\WINDOWS\system32\dla\tfsnboio.sys 2011/03/12 20:30:44.0250 0580 tfsncofs (d9f936eac2a6d55e3de87bedff8137a9) C:\WINDOWS\system32\dla\tfsncofs.sys 2011/03/12 20:30:44.0828 0580 tfsndrct (0fd9805bc047ada2cff540d4b7fa71fb) C:\WINDOWS\system32\dla\tfsndrct.sys 2011/03/12 20:30:45.0328 0580 tfsndres (f8b907198e2540a4a340f1e6775f7b71) C:\WINDOWS\system32\dla\tfsndres.sys 2011/03/12 20:30:45.0859 0580 tfsnifs (fb11349b31346290d098941f0216cc45) C:\WINDOWS\system32\dla\tfsnifs.sys 2011/03/12 20:30:46.0375 0580 tfsnopio (1994265f3a90e23a9434bba687f1a069) C:\WINDOWS\system32\dla\tfsnopio.sys 2011/03/12 20:30:46.0875 0580 tfsnpool (0b3d2bd550aa63bfd25ae8c5afbf7f76) C:\WINDOWS\system32\dla\tfsnpool.sys 2011/03/12 20:30:47.0453 0580 tfsnudf (716edddba259a2d699332df95301edda) C:\WINDOWS\system32\dla\tfsnudf.sys 2011/03/12 20:30:48.0062 0580 tfsnudfa (a8ee7bbdd0b8c01e38221d0dca2e7aaa) C:\WINDOWS\system32\dla\tfsnudfa.sys 2011/03/12 20:30:48.0812 0580 tifm21 (a900f20ac0ed38223fbb87d2884cafb9) C:\WINDOWS\system32\drivers\tifm21.sys 2011/03/12 20:30:49.0968 0580 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/03/12 20:30:51.0312 0580 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/03/12 20:30:52.0156 0580 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/03/12 20:30:52.0765 0580 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/03/12 20:30:53.0406 0580 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/03/12 20:30:54.0015 0580 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/03/12 20:30:54.0625 0580 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/03/12 20:30:55.0171 0580 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/03/12 20:30:55.0734 0580 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/03/12 20:30:56.0281 0580 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/03/12 20:30:56.0859 0580 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/03/12 20:30:57.0406 0580 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/03/12 20:30:57.0937 0580 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2011/03/12 20:30:58.0515 0580 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/03/12 20:30:59.0156 0580 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/03/12 20:30:59.0703 0580 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/03/12 20:31:02.0125 0580 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys 2011/03/12 20:31:04.0531 0580 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/03/12 20:31:05.0703 0580 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/03/12 20:31:06.0562 0580 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/03/12 20:31:07.0156 0580 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 2011/03/12 20:31:07.0890 0580 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/03/12 20:31:08.0515 0580 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/03/12 20:31:09.0140 0580 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/03/12 20:31:09.0265 0580 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/03/12 20:31:09.0281 0580 ================================================================================ 2011/03/12 20:31:09.0281 0580 Scan finished 2011/03/12 20:31:09.0281 0580 ================================================================================ 2011/03/12 20:31:09.0312 3672 Detected object count: 1 2011/03/12 20:31:40.0718 3672 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/03/12 20:31:40.0718 3672 \HardDisk0 - ok 2011/03/12 20:31:40.0718 3672 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/03/12 20:32:18.0937 1668 Deinitialize success . DDS (Ver_11-03-05.01) - NTFSx86 Run by Administrator at 20:44:38.96 on Sat 03/12/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.609 [GMT -5:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Logitech\QuickCam10\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\administrator.AUCTIONINN\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.ask.com?o=14196&l=dis uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\admini~1.auc\applic~1\mozilla\firefox\profiles\f0bc7g4u.default\ FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBook.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBookDB.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpSmartSelect.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpSmartWebPrinting.dll . ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - Search FF - user.js: browser.search.order.1 - Search FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= ============= SERVICES / DRIVERS =============== . R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384] S0 mjju;mjju; [x] S0 qdtnrrvor;qdtnrrvor;c:\windows\system32\drivers\qdtnrrvor.sys [2010-11-23 0] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664] S2 Ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2006-12-5 55344] S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2006-12-5 9200] S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2006-12-5 89936] S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2006-12-5 9472] S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2006-12-5 69632] . =============== Created Last 30 ================ . 2011-03-12 05:20:20 431144 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe 2011-03-12 05:19:24 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2011-03-12 05:19:23 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2011-03-12 04:12:46 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE} 2011-03-12 04:09:50 -------- d-----w- c:\program files\Lavasoft 2011-03-11 17:06:50 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Auslogics 2011-03-11 17:05:05 -------- d-----w- c:\program files\Auslogics 2011-03-11 16:53:49 -------- d-----w- c:\program files\WinMend 2011-03-10 18:11:23 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-03-08 20:46:00 0 ----a-w- c:\windows\isopozadutodi.dll 2011-03-08 20:44:14 -------- d-----w- c:\program files\Search Toolbar 2011-03-08 20:43:50 -------- d-----w- c:\program files\Yontoo Layers Client 2011-03-08 20:43:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer 2011-03-08 19:44:24 0 ----a-w- c:\windows\upekifas.dll 2011-03-04 15:06:15 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\oovootb 2011-03-03 18:53:33 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Malwarebytes 2011-03-03 18:53:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-03 18:53:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-03-03 18:53:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-03 18:53:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-02 20:45:57 0 ----a-w- c:\windows\ayusoxiwuv.dll 2011-03-02 20:40:55 0 ----a-w- c:\windows\obohexopakenup.dll 2011-02-11 15:08:53 0 ----a-w- c:\windows\ezunopaf.dll . ==================== Find3M ==================== . . ============= FINISH: 20:47:12.62 ===============
  6. A friend recently gave me her computer to try and fix. It had the "Thinkpoint" malware infection which I thought I was rid off but I still seem to be having problems. I ran a bunch of scans and seemed to be rid of malicious files but once I tried to use the internet something just wasn't right. I started getting some redirects which I know is signs of malware infection. I ran through the steps (malwarebytes scan, defogger, dds, attach, and gmer). Im not sure if the GMER scanned finished correctly because it gave me a message that it detected rootkit activity. Any help is much appreciated. Here are my logs: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6028 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 3/12/2011 1:15:04 AM mbam-log-2011-03-12 (01-15-04).txt Scan type: Quick scan Objects scanned: 184395 Time elapsed: 22 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\Temp\1820 (PUP.WhiteSmoke) -> Quarantined and deleted successfully. . DDS (Ver_11-03-05.01) - NTFSx86 Run by Administrator at 1:30:42.14 on Sat 03/12/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.491 [GMT -5:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Logitech\QuickCam10\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Documents and Settings\administrator.AUCTIONINN\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.ask.com?o=14196&l=dis uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\admini~1.auc\applic~1\mozilla\firefox\profiles\f0bc7g4u.default\ FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBook.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBookDB.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpSmartSelect.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpSmartWebPrinting.dll . ---- FIREFOX POLICIES ---- FF - user.js: browser.search.selectedEngine - Search FF - user.js: browser.search.order.1 - Search FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= ============= SERVICES / DRIVERS =============== . R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384] S0 mjju;mjju; [x] S0 qdtnrrvor;qdtnrrvor;c:\windows\system32\drivers\qdtnrrvor.sys [2010-11-23 0] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664] S2 Ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2006-12-5 55344] S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2006-12-5 9200] S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2006-12-5 89936] S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2006-12-5 9472] S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2006-12-5 69632] . =============== Created Last 30 ================ . 2011-03-12 05:20:20 431144 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe 2011-03-12 05:19:24 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2011-03-12 05:19:23 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2011-03-12 04:12:46 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE} 2011-03-12 04:09:50 -------- d-----w- c:\program files\Lavasoft 2011-03-11 17:06:50 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Auslogics 2011-03-11 17:05:05 -------- d-----w- c:\program files\Auslogics 2011-03-11 16:53:49 -------- d-----w- c:\program files\WinMend 2011-03-10 18:11:23 -------- d--h--w- c:\windows\system32\GroupPolicy 2011-03-08 20:46:00 0 ----a-w- c:\windows\isopozadutodi.dll 2011-03-08 20:44:14 -------- d-----w- c:\program files\Search Toolbar 2011-03-08 20:43:50 -------- d-----w- c:\program files\Yontoo Layers Client 2011-03-08 20:43:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer 2011-03-08 19:44:24 0 ----a-w- c:\windows\upekifas.dll 2011-03-04 15:06:15 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\oovootb 2011-03-03 18:53:33 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Malwarebytes 2011-03-03 18:53:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-03 18:53:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-03-03 18:53:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-03 18:53:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-02 20:45:57 0 ----a-w- c:\windows\ayusoxiwuv.dll 2011-03-02 20:40:55 0 ----a-w- c:\windows\obohexopakenup.dll 2011-02-11 15:08:53 0 ----a-w- c:\windows\ezunopaf.dll . ==================== Find3M ==================== . . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: FUJITSU_MHV2040AH rev.00830096 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B50446]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86b56504]; MOV EAX, [0x86b56580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86AF8AB8] 3 CLASSPNP[0xF7637FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000088[0x86B729E8] 5 ACPI[0xF749E620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86B76940] \Driver\atapi[0x86B66398] -> IRP_MJ_CREATE -> 0x86B50446 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; } detected disk devices: \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskFUJITSU_MHV2040AH_______________________00830096#5&e876a3d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x86B50292 user != kernel MBR !!! sectors 78140158 (+255): user != kernel Warning: possible TDL4 rootkit infection ! TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix. . ============= FINISH: 1:33:02.15 =============== attach.zip
  7. Thanks a bunch for all your help! Much appreciated!
  8. I think that did the trick. No more redirects and now the Chrome browser is working. Here is the log: ComboFix 10-06-17.03 - BDR 06/18/2010 22:10:51.1.1 - x86 Running from: c:\documents and settings\BDR\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Lister\g2mdlhlpx.exe c:\documents and settings\Lister\Local Settings\Application Data\Windows Server c:\documents and settings\Lister\Start Menu\Programs\Startup\ntuser_mssec.exe c:\documents and settings\Lister\Start Menu\Programs\Startup\sisytj32.exe c:\windows\system32\1.txt c:\windows\system32\1891678095.dat c:\windows\system32\2.txt c:\windows\system32\3618941941.dat c:\windows\system32\acctresy.exe c:\windows\system32\acleditx.exe c:\windows\system32\admwproxo.exe c:\windows\system32\Cache c:\windows\system32\lowsec c:\windows\system32\lowsec\local.ds c:\windows\system32\lowsec\user.ds c:\windows\system32\sdra64.exe c:\windows\system32\system c:\windows\system32\win.com Infected copy of c:\windows\system32\DRIVERS\intelppm.sys was found and disinfected Restored copy from - Kitty had a snack . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSSQLSERVERUPNPHOST -------\Legacy_OSEW3SVC -------\Legacy_SENSANTIVIRSCHEDULERSERVICE -------\Service_MSSQLServerupnphost -------\Service_oseW3SVC -------\Service_SENSAntiVirSchedulerService ((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 ))))))))))))))))))))))))))))))) . 2010-06-19 02:07 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys 2010-06-19 02:07 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\dllcache\intelppm.sys 2010-06-19 01:59 . 2010-06-19 01:59 -------- d-----w- c:\documents and settings\BDR\Application Data\Malwarebytes 2010-06-18 18:45 . 2010-06-19 02:09 0 ----a-w- c:\windows\system32\aaclientf.sys 2010-06-18 03:02 . 2010-06-18 03:48 -------- d-----w- c:\documents and settings\BDR\Application Data\BitTorrent 2010-06-18 01:57 . 2010-06-18 01:57 -------- d-----w- c:\documents and settings\BDR\Application Data\vlc 2010-06-18 01:57 . 2010-06-18 01:57 -------- d-----w- c:\documents and settings\BDR\Application Data\DivX 2010-06-18 01:46 . 2010-06-18 01:47 -------- d-----w- c:\documents and settings\BDR\Local Settings\Application Data\Adobe 2010-06-18 01:43 . 2010-06-18 01:43 -------- d-sh--w- c:\documents and settings\BDR\IECompatCache 2010-06-18 01:42 . 2010-06-18 01:42 -------- d-sh--w- c:\documents and settings\BDR\PrivacIE 2010-06-18 01:38 . 2010-06-18 01:38 -------- d-----w- c:\documents and settings\BDR\Application Data\Avira 2010-06-18 01:36 . 2010-06-18 01:36 19200 ----a-w- c:\documents and settings\BDR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-16 17:42 . 2010-06-19 02:10 828018 --sha-w- c:\windows\system32\acctresyb.sys 2010-06-16 05:09 . 2010-06-07 20:16 220024 ----a-w- c:\windows\sigcheck.exe 2010-06-16 04:39 . 2010-06-16 04:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-06-15 19:07 . 2010-06-18 01:49 -------- d-----w- c:\documents and settings\BDR\Local Settings\Application Data\Temp 2010-06-15 19:07 . 2010-06-15 19:13 -------- d-----w- c:\documents and settings\BDR\Local Settings\Application Data\Google 2010-06-15 18:53 . 2010-06-15 18:53 -------- d-----w- c:\documents and settings\BDR\Local Settings\Application Data\Mozilla 2010-06-15 04:58 . 2010-06-15 04:58 -------- d-----w- c:\program files\Java 2010-06-15 04:02 . 2010-06-15 05:28 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-06-15 03:32 . 2010-06-15 03:32 -------- d-----w- C:\_OTL 2010-06-12 01:04 . 2010-06-12 01:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2010-06-11 19:16 . 2010-06-11 19:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira 2010-06-11 19:09 . 2010-06-11 19:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-06-11 10:29 . 2010-06-11 10:29 -------- d-----w- c:\windows\system32\wbem\Repository 2010-06-11 08:44 . 2010-06-11 10:28 -------- d-----w- c:\windows\system32\NtmsData 2010-06-11 02:50 . 2010-06-11 02:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-06-11 01:50 . 2010-06-11 01:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-06-10 22:20 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-06 03:11 . 2010-06-06 03:11 -------- d--h--w- c:\windows\PIF 2010-06-06 03:07 . 2010-06-10 19:48 -------- d-----w- c:\documents and settings\Lister\Application Data\vlc 2010-06-06 03:05 . 2010-06-06 03:05 -------- d-----w- c:\program files\VideoLAN 2010-06-06 03:03 . 2010-06-07 02:42 -------- d-----w- c:\documents and settings\Lister\Application Data\DivX 2010-06-06 03:03 . 2010-04-27 18:40 133616 ------w- c:\windows\system32\pxafs.dll 2010-06-06 03:03 . 2010-04-27 18:40 126448 ------w- c:\windows\system32\pxinsi64.exe 2010-06-06 03:03 . 2010-04-27 18:40 123888 ------w- c:\windows\system32\pxcpyi64.exe 2010-06-06 03:02 . 2010-06-06 03:02 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-06-06 02:58 . 2010-06-06 03:03 -------- d-----w- c:\program files\DivX 2010-06-06 02:57 . 2010-06-06 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-05-26 18:53 . 2010-06-06 03:03 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-05-20 15:17 . 2010-05-20 15:17 -------- d-sh--w- c:\documents and settings\Lister\IECompatCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-15 04:58 . 2010-04-30 01:47 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-14 17:32 . 2004-08-04 08:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-06-09 17:13 . 2010-04-19 03:49 -------- d-----w- c:\documents and settings\Lister\Application Data\BitTorrent 2010-06-06 03:04 . 2010-06-06 03:04 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-06-06 03:02 . 2010-06-06 03:02 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe 2010-06-06 03:02 . 2010-06-06 03:02 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe 2010-06-06 03:02 . 2010-06-06 03:02 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-06-06 03:02 . 2010-06-06 03:02 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe 2010-06-06 03:02 . 2010-06-06 03:02 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe 2010-06-06 02:58 . 2010-06-06 03:03 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll 2010-06-06 02:57 . 2010-04-19 03:47 -------- d-----w- c:\program files\Xvid 2010-06-06 02:57 . 2010-06-06 03:03 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-05-27 11:13 . 2010-05-27 11:13 503808 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-673e8d63-n\msvcp71.dll 2010-05-27 11:13 . 2010-05-27 11:13 499712 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-673e8d63-n\jmc.dll 2010-05-27 11:13 . 2010-05-27 11:13 348160 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-673e8d63-n\msvcr71.dll 2010-05-27 11:13 . 2010-05-27 11:13 12800 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49c26213-n\decora-d3d.dll 2010-05-27 11:13 . 2010-05-27 11:13 61440 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49c26213-n\decora-sse.dll 2010-05-26 18:54 . 2007-08-13 19:40 -------- d-----w- c:\documents and settings\Lister\Application Data\Thunderbird 2010-05-22 04:27 . 2010-05-18 01:10 -------- d-----w- c:\documents and settings\Lister\Application Data\AVI ReComp 2010-05-18 01:09 . 2010-05-18 01:09 -------- d-----w- c:\program files\AVI ReComp 2010-05-18 01:09 . 2010-05-18 01:09 -------- d-----w- c:\program files\Gabest 2010-05-18 01:09 . 2010-05-18 01:09 -------- d-----w- c:\program files\AviSynth 2.5 2010-05-18 00:56 . 2010-05-18 00:56 -------- d-----w- c:\program files\Common Files\Solveig Multimedia 2010-05-18 00:56 . 2010-05-18 00:56 -------- d-----w- c:\program files\Solveig Multimedia 2010-05-18 00:52 . 2010-05-18 00:52 -------- d-----w- c:\program files\FREE Hi-Q Recorder 2010-05-18 00:46 . 2010-05-18 00:46 -------- d-----w- c:\program files\Quick AVI Splitter 2010-05-06 10:41 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-30 02:08 . 2010-04-30 02:08 -------- d-----w- c:\program files\CCleaner 2010-04-30 01:47 . 2010-04-30 01:47 503808 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a0a9bca-n\msvcp71.dll 2010-04-30 01:47 . 2010-04-30 01:47 499712 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a0a9bca-n\jmc.dll 2010-04-30 01:47 . 2010-04-30 01:47 348160 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a0a9bca-n\msvcr71.dll 2010-04-30 01:47 . 2010-04-30 01:47 61440 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-62635b9f-n\decora-sse.dll 2010-04-30 01:47 . 2010-04-30 01:47 12800 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-62635b9f-n\decora-d3d.dll 2010-04-30 01:46 . 2010-04-30 01:46 79488 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll 2010-04-30 01:46 . 2010-04-30 01:46 152576 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\jre1.6.0_20\lzma.dll 2010-04-27 18:40 . 2009-09-15 16:10 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys 2010-04-27 18:40 . 2009-09-15 16:10 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2010-04-27 18:40 . 2008-11-20 19:19 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys 2010-04-27 03:15 . 2010-04-19 03:49 -------- d-----w- c:\program files\BitTorrent 2010-04-25 18:20 . 2005-05-19 15:54 19200 -c--a-w- c:\documents and settings\Lister\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-25 18:19 . 2010-04-25 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2010-04-25 18:05 . 2010-04-25 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM 2010-04-25 18:04 . 2005-06-15 20:27 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-25 17:39 . 2010-04-25 17:39 -------- d-----w- c:\program files\Adobe Media Player 2010-04-25 17:33 . 2010-04-25 17:33 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-04-25 17:31 . 2010-04-25 17:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-04-25 17:14 . 2010-04-25 17:14 -------- d-----w- c:\documents and settings\Lister\Application Data\Ashampoo 2010-04-25 17:13 . 2010-04-25 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo 2010-04-25 17:12 . 2010-04-25 17:12 -------- d-----w- c:\program files\Ashampoo 2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-03-30 04:46 . 2009-09-23 20:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-30 04:45 . 2009-09-23 20:11 20824 ----a-w- c:\windows\system32\drivers\mbam.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\BDR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-15 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209] "srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R2 PVDMAutoSvc;PaperVision Automation Server;c:\program files\Digitech Systems\Common Files\PVDMAUTOSVC.EXE [x] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] . Contents of the 'Scheduled Tasks' folder 2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1007Core.job - c:\documents and settings\Lister\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-18 01:18] 2010-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1007UA.job - c:\documents and settings\Lister\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-18 01:18] 2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job - c:\documents and settings\BDR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-15 19:07] 2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job - c:\documents and settings\BDR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-15 19:07] 2010-06-19 c:\windows\Tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] 2010-06-19 c:\windows\Tasks\User_Feed_Synchronization-{AD9B2600-D458-4D89-AE8F-76494E1C43E6}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\BDR\Application Data\Mozilla\Firefox\Profiles\34l4k4yx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - plugin: c:\documents and settings\BDR\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-18 22:23 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(520) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'explorer.exe'(2820) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\mssql7\binn\sqlservr.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\AGRSMMSG.exe c:\mssql7\Binn\sqlmangr.exe . ************************************************************************** . Completion time: 2010-06-18 22:27:20 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-19 02:27 Pre-Run: 17,326,874,624 bytes free Post-Run: 17,468,321,792 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - C97B5F2C8939DE10CB460A7DC2C8E71F
  9. Still redirecting - I check my roomates computer and asked the other one, they are not having the same issue. GooredFix by jpshortstuff (08.01.10.1) Log created at 14:41 on 18/06/2010 (BDR) Firefox version 3.5.9 (en-US) ========== GooredScan ========== (none) ========== GooredLog ========== C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} [13:36 16/10/2008] {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [05:00 15/06/2010] C:\Documents and Settings\BDR\Application Data\Mozilla\Firefox\Profiles\34l4k4yx.default\extensions\ (none) [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [04:59 15/06/2010] -=E.O.F=-
  10. If I do that, will I have to re-do the setup and network key? I am using a wireless router and I have two other roomates that are using it. What do you think it will accomplish by resetting the router?
  11. I am still getting some redirects when using search engines on Mozilla Firefox. Also, recently Avira quarantined the file C:\SystemVolumeInformation\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP7\A0012364.exe for a TR/Meredrop.A.10870
  12. Well, still experiencing some issues with that particular user account. Certain things won't load correctly or work. For example the add/remove programs list doesn't load up correctly and sometimes I have trouble logging off or shutting down. Also, things seem to take longer to install. I created a new user account and things seem to be running smoother, altough I still can't get google chrome to run. I have uninstalled and re-installed it but everytime I bring it up it crashes.
  13. i ran otl - without changing Standard Registry and Drivers to all, here are the results: OTL logfile created on: 6/17/2010 3:26:34 PM - Run 4 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Lister\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 16.76 Gb Free Space | 44.98% Space Free | Partition Type: NTFS Drive D: | 562.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 145.87 Gb Total Space | 115.62 Gb Free Space | 79.26% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LISTINGPA0113 Current User Name: Lister Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/04/21 21:52:42 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlservr.exe PRC - [1998/11/13 02:06:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlmangr.exe ========== Modules (SafeList) ========== MOD - [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (PVDMAutoSvc) SRV - [2010/04/25 13:31:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/04/21 21:52:42 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/04/13 20:12:36 | 000,092,160 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\acctresy.exe -- (MSSQLServerupnphost) SRV - [2008/04/13 20:12:36 | 000,079,872 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\acleditx.exe -- (oseW3SVC) SRV - [2008/04/13 20:12:36 | 000,079,360 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\admwproxo.exe -- (SENSAntiVirSchedulerService) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\MSSQL7\Binn\sqlservr.exe -- (MSSQLServer) SRV - [1998/11/13 02:09:58 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL7\Binn\sqlagent.exe -- (SQLServerAgent) ========== Driver Services (SafeList) ========== DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs) DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt) DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2002/05/08 14:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi) DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 03:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.2.2 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/15 00:23:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 21:47:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/26 14:53:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/06/05 23:03:45 | 000,000,000 | ---D | M] [2010/05/26 14:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions [2010/05/26 14:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/06/17 01:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions [2010/05/20 16:48:06 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2009/06/29 16:02:07 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} [2009/06/29 16:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\anycolor.pavlos256@gmail.com [2010/06/17 01:02:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/06/15 01:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/06/15 00:59:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2010/06/14 23:38:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Lister\Start Menu\Programs\Startup\sisytj32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O15 - HKCU\..Trusted Domains: infopia.com ([app] https in Trusted sites) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://auctioninn.expressdynamics.com/glob...rts/ScriptX.cab (MeadCo ScriptX) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20World/Images/armhelper.ocx (ArmHelper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe () O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - File not found O24 - Desktop WallPaper: C:\Documents and Settings\Lister\My Documents\Downloads\wallpaper-phils500px2.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lister\My Documents\Downloads\wallpaper-phils500px2.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/07/16 11:38:10 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{a6132d6c-f271-11db-8e54-000ffe1ad6f5}\Shell\AutoRun\command - "" = E:\GETMYPIX.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/16 01:09:37 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe [2010/06/16 00:57:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver [2010/06/15 01:00:55 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/15 01:00:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/15 01:00:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/15 01:00:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/15 00:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/06/14 23:32:53 | 000,000,000 | ---D | C] -- C:\_OTL [2010/06/14 13:41:28 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe [2010/06/14 13:30:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec [2010/06/14 13:24:36 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Lister\Desktop\TDSSKiller.exe [2010/06/14 07:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/06/14 07:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/06/11 15:08:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010/06/11 06:38:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lister\Recent [2010/06/11 06:08:36 | 000,000,000 | ---D | C] -- C:\ComboFix [2010/06/11 06:06:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/06/11 04:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/06/10 21:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Local Settings\Application Data\Windows Server [2010/06/10 18:20:24 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010/06/05 23:11:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010/06/05 23:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Application Data\vlc [2010/06/05 23:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010/06/05 23:03:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lister\My Documents\My Videos [2010/06/05 23:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Application Data\DivX [2010/06/05 23:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\My Documents\DivX Movies [2010/06/05 23:03:16 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll [2010/06/05 23:03:16 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll [2010/06/05 23:03:16 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe [2010/06/05 23:03:16 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe [2010/06/05 23:03:16 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe [2010/06/05 23:03:16 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe [2010/06/05 23:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2010/06/05 22:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010/06/05 22:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010/06/03 23:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\infinitos [2010/06/02 15:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\photos [2010/05/26 14:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2010/05/25 11:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\Copy of final-project [2010/05/23 14:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\final-project [2010/05/23 14:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\final-project3 [2010/05/22 00:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\photoshop class [2010/05/20 13:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\modelportfolio [2010/05/20 11:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\WJTL [2010/05/20 11:17:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lister\IECompatCache [1 C:\Documents and Settings\Lister\*.tmp files -> C:\Documents and Settings\Lister\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/17 15:32:22 | 000,283,118 | ---- | M] () -- C:\WINDOWS\System32\aaclientf.sys [2010/06/17 15:31:06 | 000,255,543 | -HS- | M] () -- C:\WINDOWS\System32\acctresyb.sys [2010/06/17 15:25:52 | 000,425,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/17 15:25:52 | 000,068,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/17 15:25:51 | 000,502,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/17 15:23:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job [2010/06/17 15:23:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/17 15:21:37 | 000,000,372 | --S- | M] () -- C:\WINDOWS\System32\3618941941.dat [2010/06/17 15:20:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/17 15:20:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/17 01:12:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job [2010/06/17 01:10:38 | 004,307,242 | -H-- | M] () -- C:\Documents and Settings\Lister\Local Settings\Application Data\IconCache.db [2010/06/17 00:30:47 | 000,000,280 | --S- | M] () -- C:\WINDOWS\System32\1891678095.dat [2010/06/17 00:14:26 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Lister\ntuser.dat [2010/06/17 00:14:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Lister\ntuser.ini [2010/06/16 00:57:43 | 000,013,719 | ---- | M] () -- C:\WINDOWS\look.bat [2010/06/16 00:55:49 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\maxlook.exe [2010/06/15 15:12:05 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job [2010/06/15 14:04:45 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\paradise.xls [2010/06/15 01:28:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/15 00:58:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/15 00:58:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/15 00:58:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/15 00:58:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/15 00:58:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/06/14 23:38:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe [2010/06/11 21:19:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lister\defogger_reenable [2010/06/11 21:01:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\qb6qvrow.exe [2010/06/11 21:01:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\dds.scr [2010/06/11 21:00:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\Defogger.exe [2010/06/10 22:07:39 | 001,997,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/06/10 15:43:52 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Lister\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/09 23:18:57 | 000,038,787 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\cdrw5-28-10.ashprj [2010/06/09 18:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekday Scanner.job [2010/06/07 16:16:54 | 000,220,024 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe [2010/06/06 17:56:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job [2010/06/05 23:06:22 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/06/05 23:03:49 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\DivX Movies.lnk [2010/06/05 23:03:31 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/06/05 23:03:10 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Lister\Desktop\TDSSKiller.exe [2010/05/26 22:00:00 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\consignments.xls [2010/05/26 14:53:53 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2010/05/24 16:10:00 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\uc.doc [2010/05/23 22:11:58 | 000,007,118 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\bradmix5-20.ashprj [1 C:\Documents and Settings\Lister\*.tmp files -> C:\Documents and Settings\Lister\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/16 13:42:00 | 000,255,135 | -HS- | C] () -- C:\WINDOWS\System32\acctresyb.sys [2010/06/16 13:42:00 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\aaclientf.sys [2010/06/16 00:57:31 | 000,013,719 | ---- | C] () -- C:\WINDOWS\look.bat [2010/06/16 00:56:24 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\maxlook.exe [2010/06/15 15:07:41 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job [2010/06/15 15:07:40 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job [2010/06/15 00:02:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/14 13:19:33 | 000,000,372 | --S- | C] () -- C:\WINDOWS\System32\3618941941.dat [2010/06/11 21:19:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lister\defogger_reenable [2010/06/11 21:19:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\dds.scr [2010/06/11 21:19:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\qb6qvrow.exe [2010/06/11 21:19:40 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\Defogger.exe [2010/06/10 22:10:54 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Lister\ntuser.dat [2010/06/10 21:46:42 | 000,000,280 | --S- | C] () -- C:\WINDOWS\System32\1891678095.dat [2010/06/10 21:46:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dhxiuw.dat [2010/06/05 23:06:21 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/06/05 23:03:49 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\DivX Movies.lnk [2010/06/05 23:03:31 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/06/05 23:03:10 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/06/01 15:18:09 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\paradise.xls [2010/05/28 14:06:54 | 000,038,787 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\cdrw5-28-10.ashprj [2010/05/26 14:57:53 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\consignments.xls [2010/05/26 14:53:53 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2010/05/24 16:10:00 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\uc.doc [2010/05/21 16:39:44 | 000,007,118 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\bradmix5-20.ashprj [2010/05/20 11:17:19 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job [2009/12/02 14:49:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\.picasa.ini [2009/06/07 10:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/06/07 10:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/02/13 22:30:24 | 000,000,121 | ---- | C] () -- C:\WINDOWS\System32\IeeeU.sys [2009/02/08 17:45:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\tencent.sys [2009/02/08 08:48:29 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\liuliuwang.sys [2009/02/08 08:47:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\dRfT.sys [2009/02/07 19:49:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\lopd.sys [2009/01/30 23:50:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\Ls09.sys [2009/01/28 14:50:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/01/27 17:01:21 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\IU.sys [2009/01/23 20:44:44 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\dboy1.sys [2009/01/23 20:44:42 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\v6XXaks8.sys [2009/01/20 17:34:39 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_Q.ini [2006/06/06 11:36:33 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2006/06/06 11:36:33 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2006/06/06 11:36:08 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2006/06/06 11:36:08 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2006/06/06 11:36:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2006/01/12 18:24:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\bi_group.ini [2006/01/12 18:15:57 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll [2005/05/08 14:32:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/05/08 14:28:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/05/08 14:27:42 | 000,001,058 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/02/03 16:26:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Custom Scans ========== < MD5 for: REDBOOK.SYS > [2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:redbook.sys [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys [2008/07/12 11:15:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys [2008/07/12 11:15:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys [2004/08/04 01:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys [2008/04/13 14:40:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\dllcache\redbook.sys [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\drivers\REDBOOK.SYS [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () MD5=FD6603E11F3AAB8DF4D279D3AC95BF06 -- C:\WINDOWS\maxdriver\redbook.sys < End of report >
  14. ========== FILES ========== File C:\WINDOWS\system32\drivers\redbook.sys successfully replaced with C:\WINDOWS\ServicePackFiles\i386\redbook.sys ========== COMMANDS ========== OTL by OldTimer - Version 3.2.6.0 log created on 06172010_001328 OTL logfile created on: 6/17/2010 12:22:37 AM - Run 3 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Lister\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 16.77 Gb Free Space | 45.00% Space Free | Partition Type: NTFS Drive D: | 562.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 145.87 Gb Total Space | 115.62 Gb Free Space | 79.26% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LISTINGPA0113 Current User Name: Lister Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/04/26 21:45:27 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/04/21 21:52:42 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlservr.exe PRC - [1998/11/13 02:06:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlmangr.exe ========== Modules (SafeList) ========== MOD - [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (PVDMAutoSvc) SRV - [2010/04/25 13:31:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/04/21 21:52:42 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/04/13 20:12:36 | 000,092,160 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\acctresy.exe -- (MSSQLServerupnphost) SRV - [2008/04/13 20:12:36 | 000,079,872 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\acleditx.exe -- (oseW3SVC) SRV - [2008/04/13 20:12:36 | 000,079,360 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\admwproxo.exe -- (SENSAntiVirSchedulerService) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\MSSQL7\Binn\sqlservr.exe -- (MSSQLServer) SRV - [1998/11/13 02:09:58 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL7\Binn\sqlagent.exe -- (SQLServerAgent) ========== Driver Services (All) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra) DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080) DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib) DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u) DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn) DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray) DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc) DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint) DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x) DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk) DRV - [2010/06/14 13:32:37 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip) DRV - [2010/04/27 14:40:40 | 000,045,648 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb) DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv) DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP) DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD) DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs) DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD) DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD) DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP) DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD) DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE) DRV - [2008/04/13 15:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid) DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss) DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT) DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan) DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS) DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP) DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP) DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec) DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt) DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud) DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup) DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio) DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs) DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial) DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat) DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs) DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem) DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe) DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy) DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac) DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi) DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp) DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat) DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp) DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc) DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS) DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio) DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM) DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw) DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc) DRV - [2008/04/13 14:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp) DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR) DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub) DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci) DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci) DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb) DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud) DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer) DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi) DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter) DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic) DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio) DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave) DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap) DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi) DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr) DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy) DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk) DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom) DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde) DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi) DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde) DRV - [2008/04/13 14:40:28 | 000,057,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook) DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc) DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk) DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum) DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport) DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum) DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV) DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM) DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK) DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass) DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass) DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update) DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr) DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr) DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios) DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI) DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp) DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt) DRV - [2008/04/13 14:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt) DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI) DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips) DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr) DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr) DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV) DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs) DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs) DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs) DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm) DRV - [2008/04/13 14:31:31 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\p3.sys -- (P3) DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec) DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd) DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf) DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004/08/04 04:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk) DRV - [2004/08/04 04:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV - [2004/08/04 04:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd) DRV - [2004/08/04 04:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio) DRV - [2004/08/04 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004/08/04 04:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti) DRV - [2004/08/04 04:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2004/08/04 04:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt) DRV - [2004/08/04 04:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC) DRV - [2004/08/04 04:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd) DRV - [2004/08/04 04:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm) DRV - [2004/08/04 04:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload) DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD) DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd) DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep) DRV - [2004/08/04 04:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null) DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2003/09/17 21:44:00 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel® DRV - [2003/08/29 18:09:00 | 000,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm) DRV - [2003/08/03 19:16:08 | 000,120,094 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) DRV - [2003/08/03 19:16:00 | 000,096,858 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) DRV - [2003/08/03 19:15:04 | 000,091,419 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2002/05/08 14:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi) DRV - [2002/04/01 10:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio) DRV - [2001/08/17 16:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde) DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid) DRV - [2001/08/17 12:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o) DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 12:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys -- (aic78xx) DRV - [2001/08/17 12:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys -- (aic78u2) DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 12:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys -- (adpu160m) DRV - [2001/08/17 04:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub) DRV - [2001/08/17 03:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.2.2 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/06/15 00:59:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/15 00:23:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 21:47:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/26 14:53:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/06/05 23:03:45 | 000,000,000 | ---D | M] [2010/05/26 14:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions [2010/05/26 14:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2008/10/16 09:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/06/16 00:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions [2010/05/20 16:48:06 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2009/06/29 16:02:07 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} [2009/06/29 16:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\anycolor.pavlos256@gmail.com [2010/06/16 00:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/26 21:45:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/06/15 01:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/26 21:45:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/04/26 21:45:24 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2010/06/15 00:59:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/04/26 21:45:34 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2010/04/26 21:45:35 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/04/26 21:45:35 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/04/26 21:45:35 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/04/26 21:45:35 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/04/26 21:45:35 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/04/26 21:45:35 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/04/26 21:45:35 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010/06/14 23:38:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe () O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Lister\Start Menu\Programs\Startup\ntuser_mssec.exe () O4 - Startup: C:\Documents and Settings\Lister\Start Menu\Programs\Startup\sisytj32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: infopia.com ([app] https in Trusted sites) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://auctioninn.expressdynamics.com/glob...rts/ScriptX.cab (MeadCo ScriptX) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20World/Images/armhelper.ocx (ArmHelper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe () O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - File not found O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Lister\My Documents\Downloads\wallpaper-phils500px2.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lister\My Documents\Downloads\wallpaper-phils500px2.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/07/16 11:38:10 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{a6132d6c-f271-11db-8e54-000ffe1ad6f5}\Shell\AutoRun\command - "" = E:\GETMYPIX.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/16 01:09:37 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe [2010/06/16 00:57:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver [2010/06/15 01:00:55 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/15 01:00:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/15 01:00:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/15 01:00:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/15 00:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/06/14 23:32:53 | 000,000,000 | ---D | C] -- C:\_OTL [2010/06/14 13:41:28 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe [2010/06/14 13:30:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec [2010/06/14 13:24:36 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Lister\Desktop\TDSSKiller.exe [2010/06/14 07:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/06/14 07:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/06/11 15:08:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010/06/11 06:38:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lister\Recent [2010/06/11 06:08:36 | 000,000,000 | ---D | C] -- C:\ComboFix [2010/06/11 06:06:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/06/11 04:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/06/10 21:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Local Settings\Application Data\Windows Server [2010/06/10 18:20:24 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010/06/05 23:11:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010/06/05 23:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Application Data\vlc [2010/06/05 23:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010/06/05 23:03:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lister\My Documents\My Videos [2010/06/05 23:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Application Data\DivX [2010/06/05 23:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\My Documents\DivX Movies [2010/06/05 23:03:16 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll [2010/06/05 23:03:16 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll [2010/06/05 23:03:16 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe [2010/06/05 23:03:16 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe [2010/06/05 23:03:16 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe [2010/06/05 23:03:16 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe [2010/06/05 23:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2010/06/05 22:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010/06/05 22:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010/06/03 23:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\infinitos [2010/06/02 15:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\photos [2010/05/26 14:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2010/05/25 11:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\Copy of final-project [2010/05/23 14:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\final-project [2010/05/23 14:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\final-project3 [2010/05/22 00:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\photoshop class [2010/05/20 13:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\modelportfolio [2010/05/20 11:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\WJTL [2010/05/20 11:17:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lister\IECompatCache [1 C:\Documents and Settings\Lister\*.tmp files -> C:\Documents and Settings\Lister\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/17 00:28:31 | 000,390,236 | ---- | M] () -- C:\WINDOWS\System32\aaclientf.sys [2010/06/17 00:27:57 | 000,729,894 | -HS- | M] () -- C:\WINDOWS\System32\acctresyb.sys [2010/06/17 00:21:15 | 000,425,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/17 00:21:15 | 000,068,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/17 00:21:13 | 000,502,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/17 00:20:24 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job [2010/06/17 00:18:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/17 00:16:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/17 00:16:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/17 00:14:26 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Lister\ntuser.dat [2010/06/17 00:14:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Lister\ntuser.ini [2010/06/17 00:13:55 | 004,307,088 | -H-- | M] () -- C:\Documents and Settings\Lister\Local Settings\Application Data\IconCache.db [2010/06/17 00:12:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job [2010/06/16 13:42:02 | 000,000,372 | --S- | M] () -- C:\WINDOWS\System32\3618941941.dat [2010/06/16 13:38:24 | 000,000,235 | --S- | M] () -- C:\WINDOWS\System32\1891678095.dat [2010/06/16 00:57:43 | 000,013,719 | ---- | M] () -- C:\WINDOWS\look.bat [2010/06/16 00:55:49 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\maxlook.exe [2010/06/15 15:12:05 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job [2010/06/15 14:04:45 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\paradise.xls [2010/06/15 01:28:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/15 00:58:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/15 00:58:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/15 00:58:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/15 00:58:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/15 00:58:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/06/14 23:38:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe [2010/06/11 21:19:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lister\defogger_reenable [2010/06/11 21:01:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\qb6qvrow.exe [2010/06/11 21:01:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\dds.scr [2010/06/11 21:00:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\Defogger.exe [2010/06/10 22:07:39 | 001,997,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/06/10 15:43:52 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Lister\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/09 23:18:57 | 000,038,787 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\cdrw5-28-10.ashprj [2010/06/09 18:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekday Scanner.job [2010/06/07 16:16:54 | 000,220,024 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe [2010/06/06 17:56:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job [2010/06/05 23:06:22 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/06/05 23:03:49 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\DivX Movies.lnk [2010/06/05 23:03:31 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/06/05 23:03:10 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Lister\Desktop\TDSSKiller.exe [2010/05/26 22:00:00 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\consignments.xls [2010/05/26 14:53:53 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2010/05/24 16:10:00 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\uc.doc [2010/05/23 22:11:58 | 000,007,118 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\bradmix5-20.ashprj [1 C:\Documents and Settings\Lister\*.tmp files -> C:\Documents and Settings\Lister\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/16 13:42:00 | 000,727,414 | -HS- | C] () -- C:\WINDOWS\System32\acctresyb.sys [2010/06/16 13:42:00 | 000,061,834 | ---- | C] () -- C:\WINDOWS\System32\aaclientf.sys [2010/06/16 00:57:31 | 000,013,719 | ---- | C] () -- C:\WINDOWS\look.bat [2010/06/16 00:56:24 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\maxlook.exe [2010/06/15 15:07:41 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job [2010/06/15 15:07:40 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job [2010/06/15 00:02:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/14 13:19:33 | 000,000,372 | --S- | C] () -- C:\WINDOWS\System32\3618941941.dat [2010/06/11 21:19:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lister\defogger_reenable [2010/06/11 21:19:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\dds.scr [2010/06/11 21:19:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\qb6qvrow.exe [2010/06/11 21:19:40 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\Defogger.exe [2010/06/10 22:10:54 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Lister\ntuser.dat [2010/06/10 21:46:42 | 000,000,235 | --S- | C] () -- C:\WINDOWS\System32\1891678095.dat [2010/06/10 21:46:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dhxiuw.dat [2010/06/05 23:06:21 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/06/05 23:03:49 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\DivX Movies.lnk [2010/06/05 23:03:31 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/06/05 23:03:10 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/06/01 15:18:09 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\paradise.xls [2010/05/28 14:06:54 | 000,038,787 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\cdrw5-28-10.ashprj [2010/05/26 14:57:53 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\consignments.xls [2010/05/26 14:53:53 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2010/05/24 16:10:00 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\uc.doc [2010/05/21 16:39:44 | 000,007,118 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\bradmix5-20.ashprj [2010/05/20 11:17:19 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job [2009/12/02 14:49:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\.picasa.ini [2009/06/07 10:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/06/07 10:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/02/13 22:30:24 | 000,000,121 | ---- | C] () -- C:\WINDOWS\System32\IeeeU.sys [2009/02/08 17:45:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\tencent.sys [2009/02/08 08:48:29 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\liuliuwang.sys [2009/02/08 08:47:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\dRfT.sys [2009/02/07 19:49:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\lopd.sys [2009/01/30 23:50:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\Ls09.sys [2009/01/28 14:50:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/01/27 17:01:21 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\IU.sys [2009/01/23 20:44:44 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\dboy1.sys [2009/01/23 20:44:42 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\v6XXaks8.sys [2009/01/20 17:34:39 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_Q.ini [2006/06/06 11:36:33 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2006/06/06 11:36:33 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2006/06/06 11:36:08 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2006/06/06 11:36:08 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2006/06/06 11:36:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2006/01/12 18:24:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\bi_group.ini [2006/01/12 18:15:57 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll [2005/05/08 14:32:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/05/08 14:28:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/05/08 14:27:42 | 000,001,058 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/05/08 14:21:12 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys [2003/02/03 16:26:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Custom Scans ========== < MD5 for: REDBOOK.SYS > [2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:redbook.sys [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys [2008/07/12 11:15:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys [2008/07/12 11:15:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys [2004/08/04 01:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys [2008/04/13 14:40:28 | 000,057,600 | ---- | M] () MD5=EC0F6B19BB73F55CC3F0C455F54F0C5D -- C:\WINDOWS\system32\drivers\redbook.sys [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys [2008/04/13 14:40:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\dllcache\redbook.sys [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () MD5=FD6603E11F3AAB8DF4D279D3AC95BF06 -- C:\WINDOWS\maxdriver\redbook.sys < End of report >
  15. Below is my OTL log, also Avira has been detecting a 'TR/Patched.Gen" was found in file "C\WINDOWS\maxdriver\redbook.sys, should I remove that file next time alert pops up? OTL logfile created on: 6/16/2010 1:38:44 PM - Run 2 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Lister\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 16.77 Gb Free Space | 45.02% Space Free | Partition Type: NTFS Drive D: | 562.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 145.87 Gb Total Space | 115.62 Gb Free Space | 79.26% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LISTINGPA0113 Current User Name: Lister Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/04/26 21:45:27 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/04/21 21:52:42 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlservr.exe PRC - [1998/11/13 02:06:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlmangr.exe ========== Modules (SafeList) ========== MOD - [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (PVDMAutoSvc) SRV - [2010/04/25 13:31:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/04/21 21:52:42 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/04/13 20:12:36 | 000,092,160 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\acctresy.exe -- (MSSQLServerupnphost) SRV - [2008/04/13 20:12:36 | 000,079,872 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\acleditx.exe -- (oseW3SVC) SRV - [2008/04/13 20:12:36 | 000,079,360 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\admwproxo.exe -- (SENSAntiVirSchedulerService) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\MSSQL7\Binn\sqlservr.exe -- (MSSQLServer) SRV - [1998/11/13 02:09:58 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL7\Binn\sqlagent.exe -- (SQLServerAgent) ========== Driver Services (All) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra) DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080) DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib) DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u) DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn) DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray) DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc) DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint) DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x) DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk) DRV - [2010/06/14 13:32:37 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip) DRV - [2010/04/27 14:40:40 | 000,045,648 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb) DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv) DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP) DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD) DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs) DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD) DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD) DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP) DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD) DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE) DRV - [2008/04/13 15:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid) DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss) DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT) DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan) DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS) DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP) DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP) DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec) DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt) DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud) DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup) DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio) DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs) DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial) DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat) DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs) DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem) DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe) DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy) DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac) DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi) DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp) DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat) DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp) DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc) DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS) DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio) DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM) DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw) DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc) DRV - [2008/04/13 14:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp) DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR) DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub) DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci) DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci) DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb) DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud) DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer) DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi) DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter) DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic) DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio) DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave) DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap) DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi) DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr) DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy) DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk) DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom) DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde) DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi) DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde) DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook) DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc) DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk) DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum) DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport) DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum) DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV) DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM) DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK) DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass) DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass) DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update) DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr) DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr) DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios) DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI) DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp) DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt) DRV - [2008/04/13 14:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt) DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI) DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips) DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr) DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr) DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV) DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs) DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs) DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs) DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm) DRV - [2008/04/13 14:31:31 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\p3.sys -- (P3) DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec) DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd) DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf) DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004/08/04 04:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk) DRV - [2004/08/04 04:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV - [2004/08/04 04:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd) DRV - [2004/08/04 04:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio) DRV - [2004/08/04 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004/08/04 04:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti) DRV - [2004/08/04 04:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2004/08/04 04:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt) DRV - [2004/08/04 04:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC) DRV - [2004/08/04 04:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd) DRV - [2004/08/04 04:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm) DRV - [2004/08/04 04:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload) DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD) DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd) DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep) DRV - [2004/08/04 04:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null) DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2003/09/17 21:44:00 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel® DRV - [2003/08/29 18:09:00 | 000,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm) DRV - [2003/08/03 19:16:08 | 000,120,094 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) DRV - [2003/08/03 19:16:00 | 000,096,858 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) DRV - [2003/08/03 19:15:04 | 000,091,419 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2002/05/08 14:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi) DRV - [2002/04/01 10:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio) DRV - [2001/08/17 16:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde) DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid) DRV - [2001/08/17 12:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o) DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 12:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys -- (aic78xx) DRV - [2001/08/17 12:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys -- (aic78u2) DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 12:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys -- (adpu160m) DRV - [2001/08/17 04:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub) DRV - [2001/08/17 03:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.2.2 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/06/15 00:59:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/15 00:23:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 21:47:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/26 14:53:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/06/05 23:03:45 | 000,000,000 | ---D | M] [2010/05/26 14:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions [2010/05/26 14:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2008/10/16 09:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/06/16 00:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions [2010/05/20 16:48:06 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2009/06/29 16:02:07 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} [2009/06/29 16:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\anycolor.pavlos256@gmail.com [2010/06/16 00:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/26 21:45:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/06/15 01:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/26 21:45:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/04/26 21:45:24 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2010/06/15 00:59:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/04/26 21:45:34 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2010/04/26 21:45:35 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/04/26 21:45:35 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/04/26 21:45:35 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/04/26 21:45:35 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/04/26 21:45:35 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/04/26 21:45:35 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/04/26 21:45:35 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010/06/14 23:38:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe () O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Lister\Start Menu\Programs\Startup\ntuser_mssec.exe () O4 - Startup: C:\Documents and Settings\Lister\Start Menu\Programs\Startup\sisytj32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: infopia.com ([app] https in Trusted sites) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://auctioninn.expressdynamics.com/glob...rts/ScriptX.cab (MeadCo ScriptX) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20World/Images/armhelper.ocx (ArmHelper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe () O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - File not found O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Lister\My Documents\Downloads\wallpaper-phils500px2.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lister\My Documents\Downloads\wallpaper-phils500px2.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/07/16 11:38:10 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{a6132d6c-f271-11db-8e54-000ffe1ad6f5}\Shell\AutoRun\command - "" = E:\GETMYPIX.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/16 01:09:37 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe [2010/06/16 00:57:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver [2010/06/15 01:00:55 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/15 01:00:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/15 01:00:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/15 01:00:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/15 00:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/06/14 23:32:53 | 000,000,000 | ---D | C] -- C:\_OTL [2010/06/14 13:41:28 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe [2010/06/14 13:30:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec [2010/06/14 13:24:36 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Lister\Desktop\TDSSKiller.exe [2010/06/14 07:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/06/14 07:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/06/11 15:08:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010/06/11 06:38:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lister\Recent [2010/06/11 06:08:36 | 000,000,000 | ---D | C] -- C:\ComboFix [2010/06/11 06:06:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/06/11 04:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/06/10 21:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Local Settings\Application Data\Windows Server [2010/06/10 18:20:24 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010/06/05 23:11:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010/06/05 23:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Application Data\vlc [2010/06/05 23:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010/06/05 23:03:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lister\My Documents\My Videos [2010/06/05 23:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Application Data\DivX [2010/06/05 23:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\My Documents\DivX Movies [2010/06/05 23:03:16 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll [2010/06/05 23:03:16 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll [2010/06/05 23:03:16 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe [2010/06/05 23:03:16 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe [2010/06/05 23:03:16 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe [2010/06/05 23:03:16 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe [2010/06/05 23:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2010/06/05 22:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010/06/05 22:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010/06/03 23:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\infinitos [2010/06/02 15:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\photos [2010/05/26 14:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2010/05/25 11:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\Copy of final-project [2010/05/23 14:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\final-project [2010/05/23 14:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\final-project3 [2010/05/22 00:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\photoshop class [2010/05/20 13:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\modelportfolio [2010/05/20 11:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\WJTL [2010/05/20 11:17:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lister\IECompatCache [2010/05/17 23:12:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lister\PrivacIE [2010/05/17 21:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Application Data\AVI ReComp [2010/05/17 21:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest [2010/05/17 21:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5 [2010/05/17 21:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVI ReComp [2010/05/17 20:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia [2010/05/17 20:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia [2010/05/17 20:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\FREE Hi-Q Recorder [2010/05/17 20:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Quick AVI Splitter [1 C:\Documents and Settings\Lister\*.tmp files -> C:\Documents and Settings\Lister\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/16 14:19:27 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job [2010/06/16 14:12:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job [2010/06/16 14:11:53 | 000,455,702 | ---- | M] () -- C:\WINDOWS\System32\aaclientf.sys [2010/06/16 14:06:14 | 000,354,318 | -HS- | M] () -- C:\WINDOWS\System32\acctresyb.sys [2010/06/16 13:42:02 | 000,000,372 | --S- | M] () -- C:\WINDOWS\System32\3618941941.dat [2010/06/16 13:38:24 | 000,000,235 | --S- | M] () -- C:\WINDOWS\System32\1891678095.dat [2010/06/16 01:09:10 | 000,425,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/16 01:09:10 | 000,068,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/16 01:09:08 | 000,502,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/16 01:05:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/16 01:04:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/16 01:04:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/16 00:57:43 | 000,013,719 | ---- | M] () -- C:\WINDOWS\look.bat [2010/06/16 00:55:49 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\maxlook.exe [2010/06/16 00:33:18 | 004,306,160 | -H-- | M] () -- C:\Documents and Settings\Lister\Local Settings\Application Data\IconCache.db [2010/06/15 15:12:05 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job [2010/06/15 14:24:48 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Lister\ntuser.dat [2010/06/15 14:24:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Lister\ntuser.ini [2010/06/15 14:04:45 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\paradise.xls [2010/06/15 01:28:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/15 00:58:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/15 00:58:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/15 00:58:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/15 00:58:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/15 00:58:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/06/14 23:38:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe [2010/06/11 21:19:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lister\defogger_reenable [2010/06/11 21:01:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\qb6qvrow.exe [2010/06/11 21:01:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\dds.scr [2010/06/11 21:00:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\Defogger.exe [2010/06/10 22:07:39 | 001,997,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/06/10 15:43:52 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Lister\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/09 23:18:57 | 000,038,787 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\cdrw5-28-10.ashprj [2010/06/09 18:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekday Scanner.job [2010/06/07 16:16:54 | 000,220,024 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe [2010/06/06 17:56:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job [2010/06/05 23:06:22 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/06/05 23:03:49 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\DivX Movies.lnk [2010/06/05 23:03:31 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/06/05 23:03:10 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Lister\Desktop\TDSSKiller.exe [2010/05/26 22:00:00 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\consignments.xls [2010/05/26 14:53:53 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2010/05/24 16:10:00 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\uc.doc [2010/05/23 22:11:58 | 000,007,118 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\bradmix5-20.ashprj [2010/05/17 21:09:25 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\AVI ReComp.lnk [2010/05/17 20:56:41 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\SolveigMM AVI Trimmer.lnk [2010/05/17 20:52:02 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\FREE Hi-Q Recorder.lnk [2010/05/17 20:46:55 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\Quick AVI Splitter.lnk [1 C:\Documents and Settings\Lister\*.tmp files -> C:\Documents and Settings\Lister\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/16 13:42:00 | 000,309,378 | -HS- | C] () -- C:\WINDOWS\System32\acctresyb.sys [2010/06/16 13:42:00 | 000,066,392 | ---- | C] () -- C:\WINDOWS\System32\aaclientf.sys [2010/06/16 00:57:31 | 000,013,719 | ---- | C] () -- C:\WINDOWS\look.bat [2010/06/16 00:56:24 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\maxlook.exe [2010/06/15 15:07:41 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job [2010/06/15 15:07:40 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job [2010/06/15 00:02:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/14 13:19:33 | 000,000,372 | --S- | C] () -- C:\WINDOWS\System32\3618941941.dat [2010/06/11 21:19:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lister\defogger_reenable [2010/06/11 21:19:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\dds.scr [2010/06/11 21:19:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\qb6qvrow.exe [2010/06/11 21:19:40 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\Defogger.exe [2010/06/10 22:10:54 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Lister\ntuser.dat [2010/06/10 21:46:42 | 000,000,235 | --S- | C] () -- C:\WINDOWS\System32\1891678095.dat [2010/06/10 21:46:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dhxiuw.dat [2010/06/05 23:06:21 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/06/05 23:03:49 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\DivX Movies.lnk [2010/06/05 23:03:31 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/06/05 23:03:10 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/06/01 15:18:09 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\paradise.xls [2010/05/28 14:06:54 | 000,038,787 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\cdrw5-28-10.ashprj [2010/05/26 14:57:53 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\consignments.xls [2010/05/26 14:53:53 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2010/05/24 16:10:00 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\uc.doc [2010/05/21 16:39:44 | 000,007,118 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\bradmix5-20.ashprj [2010/05/20 11:17:19 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job [2010/05/17 21:09:25 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\AVI ReComp.lnk [2010/05/17 20:56:41 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\SolveigMM AVI Trimmer.lnk [2010/05/17 20:52:02 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\FREE Hi-Q Recorder.lnk [2010/05/17 20:46:55 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\Quick AVI Splitter.lnk [2009/12/02 14:49:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\.picasa.ini [2009/06/07 10:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/06/07 10:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/02/13 22:30:24 | 000,000,121 | ---- | C] () -- C:\WINDOWS\System32\IeeeU.sys [2009/02/08 17:45:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\tencent.sys [2009/02/08 08:48:29 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\liuliuwang.sys [2009/02/08 08:47:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\dRfT.sys [2009/02/07 19:49:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\lopd.sys [2009/01/30 23:50:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\Ls09.sys [2009/01/28 14:50:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/01/27 17:01:21 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\IU.sys [2009/01/23 20:44:44 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\dboy1.sys [2009/01/23 20:44:42 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\v6XXaks8.sys [2009/01/20 17:34:39 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_Q.ini [2006/06/06 11:36:33 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2006/06/06 11:36:33 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2006/06/06 11:36:08 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2006/06/06 11:36:08 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2006/06/06 11:36:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2006/01/12 18:24:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\bi_group.ini [2006/01/12 18:15:57 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll [2005/05/08 14:32:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/05/08 14:28:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/05/08 14:27:42 | 000,001,058 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/05/08 14:21:12 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys [2003/02/03 16:26:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Custom Scans ========== < MD5 for: REDBOOK.SYS > [2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:redbook.sys [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys [2008/07/12 11:15:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys [2008/07/12 11:15:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys [2004/08/04 01:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () MD5=EC0F6B19BB73F55CC3F0C455F54F0C5D -- C:\WINDOWS\system32\drivers\redbook.sys [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\maxdriver\redbook.sys < End of report >
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.