Bdr187
Things seem to be working better, haven't encountered any problems.

ComboFix 11-03-13.02 - Administrator 03/14/2011 12:39:31.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.637 [GMT -4:00]
Running from: c:\documents and settings\administrator.AUCTIONINN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\administrator.AUCTIONINN\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ADMINI~1.AUC\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\administrator.AUCTIONINN\Local Settings\temp\IadHide5.dll
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\sfcfiles.dll --> c:\windows\System32\sfcfiles.dll
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 16:39 . 2008-04-14 10:42 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2011-03-13 01:45 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-13 01:42 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-03-12 05:20 . 2011-03-12 05:20 431144 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-03-12 05:19 . 2011-03-12 05:19 46456 ----a-w- c:\program files\Mozilla Firefox\components\spellchk.dll
2011-03-12 05:19 . 2011-03-12 05:19 34688 ----a-w- c:\program files\Mozilla Firefox\components\myspell.dll
2011-03-12 04:12 . 2011-03-12 05:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-12 04:09 . 2011-03-12 05:51 -------- d-----w- c:\program files\Lavasoft
2011-03-12 04:09 . 2011-03-12 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-03-12 03:30 . 2011-03-12 03:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-03-11 17:06 . 2011-03-11 17:06 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\Auslogics
2011-03-11 17:05 . 2011-03-11 17:05 -------- d-----w- c:\program files\Auslogics
2011-03-11 16:53 . 2011-03-11 16:53 -------- d-----w- c:\program files\WinMend
2011-03-10 18:11 . 2011-03-10 18:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-10 17:46 . 2011-03-10 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-10 17:29 . 2011-03-12 04:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2011-03-10 17:29 . 2011-03-10 17:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2011-03-10 17:27 . 2011-03-10 17:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-03-08 20:43 . 2011-03-08 20:43 -------- d-----w- c:\program files\Yontoo Layers Client
2011-03-08 19:46 . 2011-03-08 19:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-08 19:46 . 2011-03-08 19:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-03-04 15:06 . 2011-03-04 15:06 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\oovootb
2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\Malwarebytes
2011-03-03 18:53 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-03 18:53 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 08:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-04 08:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-04 08:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 08:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 08:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-03-12 05:19 . 2006-09-25 20:42 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2011-03-12 05:19 . 2006-09-25 20:42 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2011-03-12 05:19 . 2011-03-12 05:19 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-03-12 05:19 . 2011-03-12 05:19 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-03-12 05:19 . 2006-09-25 20:42 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-01 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-19 233534]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-02 274608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-21 126976]
.
c:\documents and settings\milzyc\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-7-1 196608]
.
[HKLM\~\startupfolder\C:^Documents and Settings^administrator.AUCTIONINN^Start Menu^Programs^Startup^Dora the Explorer_ Dance to the Rescue Registration.lnk]
path=c:\documents and settings\administrator.AUCTIONINN\Start Menu\Programs\Startup\Dora the Explorer_ Dance to the Rescue Registration.lnk
backup=c:\windows\pss\Dora the Explorer_ Dance to the Rescue Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^administrator.AUCTIONINN^Start Menu^Programs^Startup^VZAccess Manager.lnk]
path=c:\documents and settings\administrator.AUCTIONINN\Start Menu\Programs\Startup\VZAccess Manager.lnk
backup=c:\windows\pss\VZAccess Manager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-21 02:36 1207080 ----a-w- c:\progra~1\MICROS~3\wcescomm.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/3/2004 12:26 PM 80384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 2:49 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [12/5/2006 11:12 AM 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [12/5/2006 11:12 AM 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [12/5/2006 11:12 AM 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [12/5/2006 11:12 AM 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [12/5/2006 11:12 AM 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:49]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:49]
.
2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1143423117-2145742611-1760610739-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-269360215-3030256761-234219110-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2010-11-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2011-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1143423117-2145742611-1760610739-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2011-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-269360215-3030256761-234219110-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2011-03-14 c:\windows\Tasks\User_Feed_Synchronization-{E740A38F-31CF-4AF5-B20A-4EF5A1D69451}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\administrator.AUCTIONINN\Application Data\Mozilla\Firefox\Profiles\f0bc7g4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-14 12:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?6?7?6??????? ?4?B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2860)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\docume~1\ADMINI~1.AUC\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\AGRSMMSG.exe
c:\program files\HPQ\SHARED\HPQWMI.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-03-14 13:08:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-14 17:08
ComboFix2.txt 2011-03-14 02:00
ComboFix3.txt 2011-03-14 01:20
.
Pre-Run: 14,801,928,192 bytes free
Post-Run: 14,734,897,152 bytes free
.
- - End Of File - - C9D44C59CA14BC77AFBC26AE04A13D18

ComboFix 11-03-12.01 - Administrator 03/13/2011 21:33:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.625 [GMT -4:00]
Running from: c:\documents and settings\administrator.AUCTIONINN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\administrator.AUCTIONINN\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ADMINI~1.AUC\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\administrator.AUCTIONINN\Local Settings\Temp\IadHide5.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mjju
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-13 01:45 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-13 01:42 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-03-12 05:20 . 2011-03-12 05:20 431144 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-03-12 05:19 . 2011-03-12 05:19 46456 ----a-w- c:\program files\Mozilla Firefox\components\spellchk.dll
2011-03-12 05:19 . 2011-03-12 05:19 34688 ----a-w- c:\program files\Mozilla Firefox\components\myspell.dll
2011-03-12 04:12 . 2011-03-12 05:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-12 04:09 . 2011-03-12 05:51 -------- d-----w- c:\program files\Lavasoft
2011-03-12 04:09 . 2011-03-12 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-03-12 03:30 . 2011-03-12 03:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-03-11 17:06 . 2011-03-11 17:06 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\Auslogics
2011-03-11 17:05 . 2011-03-11 17:05 -------- d-----w- c:\program files\Auslogics
2011-03-11 16:53 . 2011-03-11 16:53 -------- d-----w- c:\program files\WinMend
2011-03-10 18:11 . 2011-03-10 18:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-10 17:46 . 2011-03-10 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-03-10 17:29 . 2011-03-12 04:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2011-03-10 17:29 . 2011-03-10 17:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2011-03-10 17:27 . 2011-03-10 17:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-03-08 20:43 . 2011-03-08 20:43 -------- d-----w- c:\program files\Yontoo Layers Client
2011-03-08 19:46 . 2011-03-08 19:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-03-08 19:46 . 2011-03-08 19:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-03-04 15:06 . 2011-03-04 15:06 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\oovootb
2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\documents and settings\administrator.AUCTIONINN\Application Data\Malwarebytes
2011-03-03 18:53 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-03 18:53 . 2011-03-03 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-03 18:53 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 08:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-04 08:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-04 08:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 08:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 08:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-03-12 05:19 . 2006-09-25 20:42 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2011-03-12 05:19 . 2006-09-25 20:42 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2011-03-12 05:19 . 2011-03-12 05:19 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-03-12 05:19 . 2011-03-12 05:19 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-03-12 05:19 . 2006-09-25 20:42 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
------- Sigcheck -------
.
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
c:\windows\System32\sfcfiles.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-01 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-19 233534]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-02 274608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-21 126976]
.
c:\documents and settings\milzyc\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-7-1 196608]
.
[HKLM\~\startupfolder\C:^Documents and Settings^administrator.AUCTIONINN^Start Menu^Programs^Startup^Dora the Explorer_ Dance to the Rescue Registration.lnk]
path=c:\documents and settings\administrator.AUCTIONINN\Start Menu\Programs\Startup\Dora the Explorer_ Dance to the Rescue Registration.lnk
backup=c:\windows\pss\Dora the Explorer_ Dance to the Rescue Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^administrator.AUCTIONINN^Start Menu^Programs^Startup^VZAccess Manager.lnk]
path=c:\documents and settings\administrator.AUCTIONINN\Start Menu\Programs\Startup\VZAccess Manager.lnk
backup=c:\windows\pss\VZAccess Manager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-21 02:36 1207080 ----a-w- c:\progra~1\MICROS~3\wcescomm.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/3/2004 12:26 PM 80384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 2:49 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [12/5/2006 11:12 AM 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [12/5/2006 11:12 AM 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [12/5/2006 11:12 AM 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [12/5/2006 11:12 AM 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [12/5/2006 11:12 AM 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:49]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:49]
.
2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1143423117-2145742611-1760610739-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2011-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-269360215-3030256761-234219110-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2010-11-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2011-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1143423117-2145742611-1760610739-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2011-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-269360215-3030256761-234219110-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-10-20 22:32]
.
2011-03-14 c:\windows\Tasks\User_Feed_Synchronization-{E740A38F-31CF-4AF5-B20A-4EF5A1D69451}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\administrator.AUCTIONINN\Application Data\Mozilla\Firefox\Profiles\f0bc7g4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 21:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?6?7?6??????? ?4?B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(8032)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\docume~1\ADMINI~1.AUC\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\AGRSMMSG.exe
c:\program files\HPQ\SHARED\HPQWMI.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2011-03-13 22:00:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-14 02:00
ComboFix2.txt 2011-03-14 01:20
.
Pre-Run: 14,962,786,304 bytes free
Post-Run: 14,960,144,384 bytes free
.
- - End Of File - - 8CE23D9DE793B27E2052530340586D42
-
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6043

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/13/2011 1:51:37 PM
mbam-log-2011-03-13 (13-51-37).txt

Scan type: Quick scan
Objects scanned: 187815
Time elapsed: 41 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 13:53:24.95 on Sun 03/13/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.545 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\administrator.AUCTIONINN\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} -
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1.auc\applic~1\mozilla\firefox\profiles\f0bc7g4u.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpSmartWebPrinting.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
.
============= SERVICES / DRIVERS ===============
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
S0 mjju;mjju; [x]
S0 qdtnrrvor;qdtnrrvor;c:\windows\system32\drivers\qdtnrrvor.sys [2010-11-23 0]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 Ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2006-12-5 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2006-12-5 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2006-12-5 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2006-12-5 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2006-12-5 69632]
.
=============== Created Last 30 ================
.
2011-03-13 01:45:47 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-13 01:44:47 55296 ----a-w- c:\windows\system32\SET7B.tmp
2011-03-13 01:44:39 1991680 ----a-w- c:\windows\system32\SET80.tmp
2011-03-13 01:44:34 916480 ----a-w- c:\windows\system32\SET75.tmp
2011-03-13 01:44:32 602112 ----a-w- c:\windows\system32\SET7C.tmp
2011-03-13 01:44:30 1210880 ----a-w- c:\windows\system32\SET76.tmp
2011-03-13 01:44:26 5961216 ----a-w- c:\windows\system32\SET7A.tmp
2011-03-13 01:42:08 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-03-12 05:20:20 431144 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-03-12 05:19:24 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-03-12 05:19:23 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-03-12 04:12:46 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-12 04:09:50 -------- d-----w- c:\program files\Lavasoft
2011-03-11 17:06:50 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Auslogics
2011-03-11 17:05:05 -------- d-----w- c:\program files\Auslogics
2011-03-11 16:53:49 -------- d-----w- c:\program files\WinMend
2011-03-10 18:11:23 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-08 20:46:00 0 ----a-w- c:\windows\isopozadutodi.dll
2011-03-08 20:44:14 -------- d-----w- c:\program files\Search Toolbar
2011-03-08 20:43:50 -------- d-----w- c:\program files\Yontoo Layers Client
2011-03-08 20:43:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2011-03-08 19:44:24 0 ----a-w- c:\windows\upekifas.dll
2011-03-04 15:06:15 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\oovootb
2011-03-03 18:53:33 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Malwarebytes
2011-03-03 18:53:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-03 18:53:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-03 18:53:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-03 18:53:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 20:45:57 0 ----a-w- c:\windows\ayusoxiwuv.dll
2011-03-02 20:40:55 0 ----a-w- c:\windows\obohexopakenup.dll
.
==================== Find3M ====================
.
2011-02-11 15:08:53 0 ----a-w- c:\windows\ezunopaf.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 8462336 ----a-w- c:\windows\system32\SETB4.tmp
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\SETD3.tmp
2010-12-21 10:29:20 11080704 ----a-w- c:\windows\system32\SET82.tmp
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 13:54:09.31 ===============
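Editor's note, added example (not code from the thread's author and not part of DDS, ComboFix or Malwarebytes): the DDS log above is the kind of output a malware-removal helper reads by eye, looking for three things in particular: boot-start (S0) services whose image is missing (`[x]`) or zero bytes (`qdtnrrvor.sys [2010-11-23 0]`), zero-byte randomly named DLLs dropped straight into c:\windows (`isopozadutodi.dll`, `upekifas.dll`, `ayusoxiwuv.dll`, `obohexopakenup.dll`, `ezunopaf.dll`), and a `keyword.URL` pointing at a third-party search host that is also pinned in user.js so it survives fixing prefs.js. The script below applies those same checks to DDS-style lines. The sample input is a handful of lines copied from the log above; the `KNOWN_SEARCH_HOSTS` allowlist and the high/medium severity labels are assumptions for the demo, not anything DDS ships with.

```python
"""Triage checks over DDS-style log lines (added example; allowlist and severities are assumptions)."""
import ntpath
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, indicator, reason)

# Assumed allowlist of search endpoints a helper would consider expected.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
# Locations where a zero-byte binary is a strong rootkit/dropper sign rather than a stale temp file.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\system32\drivers"}

# SERVICES / DRIVERS line: "S0 name;display;path [yyyy-m-d size]" or "S0 name;display; [x]" (file missing)
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<tail>[^\]]*)\]$")
# Created Last 30 / Find3M line: "yyyy-mm-dd hh:mm:ss size attrs path" (size is "--------" for directories)
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# Firefox pref line: "FF - prefs.js: keyword.URL - hxxp://..." (DDS defangs http as hxxp)
FF_RE = re.compile(r"^FF - (?P<src>prefs|user)\.js: (?P<pref>\S+) - (?P<value>\S+)$")
SCHEME_RE = re.compile(r"^(?:hxxp|http)s?://", re.IGNORECASE)


def check_driver(line: str) -> List[Finding]:
    m = DRIVER_RE.match(line)
    if not m:
        return []
    start, name, tail = m["start"], m["name"].strip(), m["tail"].strip()
    path = m["path"].strip() or name
    boot = start == "S0"  # boot-start: loads before any security product can look at it
    if tail == "x":  # DDS prints [x] when the registered image file is not on disk
        return [("high" if boot else "medium", name, "service registered but image file missing on disk")]
    fields = tail.split()
    if len(fields) == 2 and fields[1] == "0":
        return [("high", path, "zero-byte driver image" + (" (boot-start)" if boot else ""))]
    return []


def check_file(line: str) -> List[Finding]:
    m = FILE_RE.match(line)
    if not m or m["size"].startswith("-"):  # directories carry no size
        return []
    path = m["path"]
    ext = ntpath.splitext(path)[1].lower()
    if m["size"] == "0" and ext in {".dll", ".sys", ".exe"}:
        parent = ntpath.dirname(path).lower()
        severity = "high" if parent in SYSTEM_DIRS else "medium"
        return [(severity, path, f"zero-byte {ext} written to {parent}")]
    return []


def host_of(url: str) -> str:
    """Host part of a (possibly defanged) URL: 'hxxp://a.b/c?d' -> 'a.b'."""
    rest = SCHEME_RE.sub("", url)
    return re.split(r"[/?]", rest, maxsplit=1)[0].lower()


def check_firefox(line: str) -> List[Finding]:
    m = FF_RE.match(line)
    if not m or m["pref"] != "keyword.URL":
        return []
    host = host_of(m["value"])
    if host in KNOWN_SEARCH_HOSTS:
        return []
    reason = f"address-bar searches redirected to {host}"
    if m["src"] == "user":  # user.js is re-applied at every start, so it overrides edits to prefs.js
        reason += "; re-applied from user.js on every start, so fixing prefs.js alone will not stick"
    return [("high", m["value"], reason)]


def triage(log_text: str) -> List[Finding]:
    """Run every check over every line; returns findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in (check_driver, check_file, check_firefox):
            findings.extend(check(line))
    return findings


# Lines copied from the DDS log in this thread (a benign driver, directory and homepage included as controls).
SAMPLE_LOG = r"""
S0 mjju;mjju; [x]
S0 qdtnrrvor;qdtnrrvor;c:\windows\system32\drivers\qdtnrrvor.sys [2010-11-23 0]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2006-12-5 55344]
2011-03-08 20:46:00 0 ----a-w- c:\windows\isopozadutodi.dll
2011-03-08 20:44:14 -------- d-----w- c:\program files\Search Toolbar
2011-03-03 18:53:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 15:08:53 0 ----a-w- c:\windows\ezunopaf.dll
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
"""

if __name__ == "__main__":
    for severity, indicator, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {indicator}: {reason}")
```

On the sample above the script reports six findings: both S0 entries, both zero-byte DLLs under c:\windows, and the `keyword.URL` hijack twice, the second time noting that it comes from user.js. The benign `gupdate` and `pwi_bus` services, the `Search Toolbar` directory entry, the non-zero `mbamswissarmy.sys` and the Yahoo homepage produce nothing.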
-
Thank you for your help. Here are my logs: 2011/03/12 20:28:20.0546 2052 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/03/12 20:28:20.0562 2052 ================================================================================ 2011/03/12 20:28:20.0562 2052 SystemInfo: 2011/03/12 20:28:20.0562 2052 2011/03/12 20:28:20.0562 2052 OS Version: 5.1.2600 ServicePack: 3.0 2011/03/12 20:28:20.0562 2052 Product type: Workstation 2011/03/12 20:28:20.0562 2052 ComputerName: OPSHPLAPTOP 2011/03/12 20:28:20.0562 2052 UserName: Administrator 2011/03/12 20:28:20.0562 2052 Windows directory: C:\WINDOWS 2011/03/12 20:28:20.0562 2052 System windows directory: C:\WINDOWS 2011/03/12 20:28:20.0562 2052 Processor architecture: Intel x86 2011/03/12 20:28:20.0562 2052 Number of processors: 1 2011/03/12 20:28:20.0562 2052 Page size: 0x1000 2011/03/12 20:28:20.0562 2052 Boot type: Normal boot 2011/03/12 20:28:20.0562 2052 ================================================================================ 2011/03/12 20:28:20.0906 2052 Initialize success 2011/03/12 20:28:30.0859 0580 ================================================================================ 2011/03/12 20:28:30.0859 0580 Scan started 2011/03/12 20:28:30.0859 0580 Mode: Manual; 2011/03/12 20:28:30.0859 0580 ================================================================================ 2011/03/12 20:28:33.0640 0580 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/03/12 20:28:34.0250 0580 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/03/12 20:28:35.0359 0580 aeaudio (ad707942e4ccb28d77cee5ed989c9e55) C:\WINDOWS\system32\drivers\aeaudio.sys 2011/03/12 20:28:36.0187 0580 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/03/12 20:28:36.0953 0580 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/03/12 20:28:38.0140 0580 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) 
C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2011/03/12 20:28:40.0953 0580 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/03/12 20:28:42.0109 0580 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/03/12 20:28:44.0625 0580 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/03/12 20:28:45.0593 0580 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/03/12 20:28:46.0765 0580 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/03/12 20:28:47.0328 0580 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/03/12 20:28:48.0031 0580 b57w2k (2fa609c3411ec5f77f42d0b04d304ae5) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/03/12 20:28:48.0656 0580 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/03/12 20:28:49.0796 0580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/03/12 20:28:50.0375 0580 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/03/12 20:28:51.0890 0580 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/03/12 20:28:52.0500 0580 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/03/12 20:28:53.0125 0580 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/03/12 20:28:54.0250 0580 ClntMgmt.sys (573da08641afc8d940e0431945867906) C:\WINDOWS\System32\Drivers\ClntMgmt.sys 2011/03/12 20:28:54.0781 0580 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/03/12 20:28:55.0859 0580 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/03/12 20:28:58.0078 0580 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/03/12 20:28:59.0140 0580 dmboot 
(d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/03/12 20:29:00.0312 0580 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/03/12 20:29:00.0921 0580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/03/12 20:29:01.0484 0580 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/03/12 20:29:02.0687 0580 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/03/12 20:29:03.0296 0580 drvmcdb (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys 2011/03/12 20:29:03.0875 0580 drvnddm (b295700e684ed1984db1d6be40354421) C:\WINDOWS\system32\drivers\drvnddm.sys 2011/03/12 20:29:04.0453 0580 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys 2011/03/12 20:29:05.0046 0580 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys 2011/03/12 20:29:05.0765 0580 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/03/12 20:29:06.0375 0580 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/03/12 20:29:07.0000 0580 FilterService (64795f5368272d034a108d34c0f4e44f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys 2011/03/12 20:29:07.0562 0580 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/03/12 20:29:08.0281 0580 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/03/12 20:29:08.0890 0580 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/03/12 20:29:09.0546 0580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/03/12 20:29:10.0156 0580 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/03/12 20:29:10.0750 0580 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/03/12 
20:29:11.0343 0580 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/03/12 20:29:12.0015 0580 GTIPCI21 (7d074058804ad398f93ca0a08af83ff2) C:\WINDOWS\system32\DRIVERS\gtipci21.sys 2011/03/12 20:29:12.0640 0580 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/03/12 20:29:13.0859 0580 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/03/12 20:29:14.0437 0580 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/03/12 20:29:15.0046 0580 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/03/12 20:29:15.0796 0580 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/03/12 20:29:17.0609 0580 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/03/12 20:29:18.0656 0580 ialm (c600649ca5ba2a7c9b280e9f90c5db25) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/03/12 20:29:19.0750 0580 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/03/12 20:29:20.0828 0580 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/03/12 20:29:21.0359 0580 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/03/12 20:29:21.0968 0580 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/03/12 20:29:22.0703 0580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/03/12 20:29:23.0281 0580 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/03/12 20:29:23.0921 0580 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/03/12 20:29:24.0562 0580 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/03/12 20:29:25.0281 0580 irda (aca5e7b54409f9cb5eed97ed0c81120e) 
C:\WINDOWS\system32\DRIVERS\irda.sys 2011/03/12 20:29:25.0812 0580 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/03/12 20:29:26.0390 0580 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/03/12 20:29:26.0921 0580 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/03/12 20:29:27.0531 0580 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/03/12 20:29:28.0234 0580 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/03/12 20:29:28.0921 0580 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/03/12 20:29:31.0000 0580 LVcKap (2d0ab9d29e6b0c42cce955b5a8e0d62d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys 2011/03/12 20:29:33.0765 0580 LVMVDrv (a3963e3d997c3646e1d3338eb88a48e9) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys 2011/03/12 20:29:36.0250 0580 lvpopflt (2154ea3701f4f1f8f2ab7750b41f149b) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys 2011/03/12 20:29:37.0703 0580 LVPr2Mon (39c767bd6d99c23d28e71b6e0cba3129) C:\WINDOWS\system32\drivers\LVPr2Mon.sys 2011/03/12 20:29:38.0328 0580 lvselsus (6e59bc28a41f8a2b702d345a5604652f) C:\WINDOWS\system32\DRIVERS\lvselsus.sys 2011/03/12 20:29:39.0015 0580 LVUSBSta (6ad3f5275f117f08c12eab2233a9e3fb) C:\WINDOWS\system32\drivers\lvusbsta.sys 2011/03/12 20:29:40.0156 0580 LVUVC (b48e599a8cf96876760c7ee62c1352ec) C:\WINDOWS\system32\DRIVERS\lvuvc.sys 2011/03/12 20:29:41.0843 0580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/03/12 20:29:42.0453 0580 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/03/12 20:29:43.0015 0580 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/03/12 20:29:43.0546 0580 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/03/12 20:29:44.0140 0580 MountMgr 
(a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/03/12 20:29:45.0515 0580 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/03/12 20:29:46.0406 0580 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/03/12 20:29:47.0187 0580 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/03/12 20:29:47.0812 0580 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/03/12 20:29:48.0343 0580 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/03/12 20:29:48.0953 0580 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/03/12 20:29:49.0531 0580 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/03/12 20:29:50.0250 0580 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/03/12 20:29:50.0875 0580 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/03/12 20:29:51.0453 0580 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/03/12 20:29:52.0203 0580 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/03/12 20:29:52.0890 0580 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/03/12 20:29:53.0421 0580 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/03/12 20:29:54.0078 0580 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/03/12 20:29:54.0687 0580 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/03/12 20:29:55.0312 0580 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/03/12 20:29:55.0890 0580 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/03/12 20:29:56.0515 
0580 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/03/12 20:29:57.0218 0580 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/03/12 20:29:57.0843 0580 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/03/12 20:29:58.0703 0580 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/03/12 20:29:59.0625 0580 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/03/12 20:30:00.0265 0580 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/03/12 20:30:01.0015 0580 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/03/12 20:30:01.0687 0580 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/03/12 20:30:02.0453 0580 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/03/12 20:30:03.0093 0580 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/03/12 20:30:03.0656 0580 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/03/12 20:30:04.0296 0580 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/03/12 20:30:05.0343 0580 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/03/12 20:30:05.0921 0580 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/03/12 20:30:09.0562 0580 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/03/12 20:30:10.0281 0580 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/03/12 20:30:10.0859 0580 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/03/12 20:30:11.0437 0580 pwi_bus (0af65a778e8e3a651666ebb7f7ce7bfe) C:\WINDOWS\system32\DRIVERS\pwi_bus.sys 2011/03/12 
20:30:12.0062 0580 pwi_mdfl (f6fd82b7e85290882e5ae1820ca2c447) C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys 2011/03/12 20:30:12.0703 0580 pwi_mdm (78765d89d30d9e4886b6f4580e6b1f67) C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys 2011/03/12 20:30:13.0343 0580 pwi_oflt (c671e19546554047c4ea8213695225a6) C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys 2011/03/12 20:30:13.0921 0580 pwi_serd (b1704382cf18b1ab3245537e5f7f9f23) C:\WINDOWS\system32\DRIVERS\pwi_serd.sys 2011/03/12 20:30:14.0531 0580 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/03/12 20:30:15.0109 0580 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys 2011/03/12 20:30:18.0953 0580 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/03/12 20:30:19.0531 0580 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 2011/03/12 20:30:20.0281 0580 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/03/12 20:30:20.0859 0580 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/03/12 20:30:21.0390 0580 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/03/12 20:30:22.0031 0580 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/03/12 20:30:22.0593 0580 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/03/12 20:30:23.0250 0580 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/03/12 20:30:24.0046 0580 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/03/12 20:30:24.0750 0580 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/03/12 20:30:25.0375 0580 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/03/12 20:30:26.0000 0580 Secdrv (90a3935d05b494a5a39d37e71f09a677) 
C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/03/12 20:30:26.0609 0580 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/03/12 20:30:27.0203 0580 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/03/12 20:30:27.0796 0580 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/03/12 20:30:28.0906 0580 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/03/12 20:30:29.0484 0580 SMCIRDA (a8eb0aa07632a4c936ff6f8eda5bdead) C:\WINDOWS\system32\DRIVERS\smcirda.sys 2011/03/12 20:30:30.0312 0580 smwdm (858934c454bdc6664c752bf0cd3eaeae) C:\WINDOWS\system32\drivers\smwdm.sys 2011/03/12 20:30:31.0046 0580 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 2011/03/12 20:30:32.0203 0580 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/03/12 20:30:32.0843 0580 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/03/12 20:30:33.0687 0580 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/03/12 20:30:34.0406 0580 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 2011/03/12 20:30:34.0968 0580 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 2011/03/12 20:30:35.0562 0580 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/03/12 20:30:36.0140 0580 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/03/12 20:30:36.0734 0580 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/03/12 20:30:39.0578 0580 SynTP (1dbc86da355b5db35174f862c110fd09) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2011/03/12 20:30:40.0234 0580 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/03/12 20:30:41.0015 0580 Tcpip 
(9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/03/12 20:30:41.0843 0580 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/03/12 20:30:42.0453 0580 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/03/12 20:30:43.0062 0580 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/03/12 20:30:43.0609 0580 tfsnboio (2aceb9567639ff2db9d862104a80227a) C:\WINDOWS\system32\dla\tfsnboio.sys 2011/03/12 20:30:44.0250 0580 tfsncofs (d9f936eac2a6d55e3de87bedff8137a9) C:\WINDOWS\system32\dla\tfsncofs.sys 2011/03/12 20:30:44.0828 0580 tfsndrct (0fd9805bc047ada2cff540d4b7fa71fb) C:\WINDOWS\system32\dla\tfsndrct.sys 2011/03/12 20:30:45.0328 0580 tfsndres (f8b907198e2540a4a340f1e6775f7b71) C:\WINDOWS\system32\dla\tfsndres.sys 2011/03/12 20:30:45.0859 0580 tfsnifs (fb11349b31346290d098941f0216cc45) C:\WINDOWS\system32\dla\tfsnifs.sys 2011/03/12 20:30:46.0375 0580 tfsnopio (1994265f3a90e23a9434bba687f1a069) C:\WINDOWS\system32\dla\tfsnopio.sys 2011/03/12 20:30:46.0875 0580 tfsnpool (0b3d2bd550aa63bfd25ae8c5afbf7f76) C:\WINDOWS\system32\dla\tfsnpool.sys 2011/03/12 20:30:47.0453 0580 tfsnudf (716edddba259a2d699332df95301edda) C:\WINDOWS\system32\dla\tfsnudf.sys 2011/03/12 20:30:48.0062 0580 tfsnudfa (a8ee7bbdd0b8c01e38221d0dca2e7aaa) C:\WINDOWS\system32\dla\tfsnudfa.sys 2011/03/12 20:30:48.0812 0580 tifm21 (a900f20ac0ed38223fbb87d2884cafb9) C:\WINDOWS\system32\drivers\tifm21.sys 2011/03/12 20:30:49.0968 0580 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/03/12 20:30:51.0312 0580 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/03/12 20:30:52.0156 0580 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/03/12 20:30:52.0765 0580 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/03/12 20:30:53.0406 0580 usbccgp 
(173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/03/12 20:30:54.0015 0580 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/03/12 20:30:54.0625 0580 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/03/12 20:30:55.0171 0580 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/03/12 20:30:55.0734 0580 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/03/12 20:30:56.0281 0580 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/03/12 20:30:56.0859 0580 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/03/12 20:30:57.0406 0580 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/03/12 20:30:57.0937 0580 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2011/03/12 20:30:58.0515 0580 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/03/12 20:30:59.0156 0580 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/03/12 20:30:59.0703 0580 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/03/12 20:31:02.0125 0580 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys 2011/03/12 20:31:04.0531 0580 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/03/12 20:31:05.0703 0580 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/03/12 20:31:06.0562 0580 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/03/12 20:31:07.0156 0580 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 2011/03/12 20:31:07.0890 0580 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/03/12 
20:31:08.0515 0580 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/12 20:31:09.0140 0580 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/12 20:31:09.0265 0580 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/12 20:31:09.0281 0580 ================================================================================
2011/03/12 20:31:09.0281 0580 Scan finished
2011/03/12 20:31:09.0281 0580 ================================================================================
2011/03/12 20:31:09.0312 3672 Detected object count: 1
2011/03/12 20:31:40.0718 3672 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/12 20:31:40.0718 3672 \HardDisk0 - ok
2011/03/12 20:31:40.0718 3672 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/12 20:32:18.0937 1668 Deinitialize success
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 20:44:38.96 on Sat 03/12/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.609 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Logitech\QuickCam10\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\administrator.AUCTIONINN\Desktop\dds.scr . 
============== Pseudo HJT Report =============== . uStart Page = hxxp://www.ask.com?o=14196&l=dis uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: 
[hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\admini~1.auc\applic~1\mozilla\firefox\profiles\f0bc7g4u.default\ FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBook.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBookDB.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpSmartSelect.dll FF - component: c:\program files\hp\digital imaging\smart web 
printing\mozillaaddon2\components\hpSmartWebPrinting.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
============= SERVICES / DRIVERS ===============
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
S0 mjju;mjju; [x]
S0 qdtnrrvor;qdtnrrvor;c:\windows\system32\drivers\qdtnrrvor.sys [2010-11-23 0]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 Ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2006-12-5 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2006-12-5 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2006-12-5 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2006-12-5 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2006-12-5 69632]
.
=============== Created Last 30 ================
.
2011-03-12 05:20:20 431144 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-03-12 05:19:24 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-03-12 05:19:23 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-03-12 04:12:46 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-12 04:09:50 -------- d-----w- c:\program files\Lavasoft
2011-03-11 17:06:50 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Auslogics
2011-03-11 17:05:05 -------- d-----w- c:\program files\Auslogics
2011-03-11 16:53:49 -------- d-----w- c:\program files\WinMend
2011-03-10 18:11:23 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-08 20:46:00 0 ----a-w- c:\windows\isopozadutodi.dll
2011-03-08 20:44:14 -------- d-----w- c:\program files\Search Toolbar
2011-03-08 20:43:50 -------- d-----w- c:\program files\Yontoo Layers Client
2011-03-08 20:43:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2011-03-08 19:44:24 0 ----a-w- c:\windows\upekifas.dll
2011-03-04 15:06:15 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\oovootb
2011-03-03 18:53:33 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Malwarebytes
2011-03-03 18:53:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-03 18:53:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-03 18:53:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-03 18:53:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 20:45:57 0 ----a-w- c:\windows\ayusoxiwuv.dll
2011-03-02 20:40:55 0 ----a-w- c:\windows\obohexopakenup.dll
2011-02-11 15:08:53 0 ----a-w- c:\windows\ezunopaf.dll
.
==================== Find3M ====================
.
.
============= FINISH: 20:47:12.62 ===============
-
A friend recently gave me her computer to try and fix. It had the "Thinkpoint" malware infection, which I thought I was rid of, but I still seem to be having problems. I ran a bunch of scans and seemed to be rid of malicious files, but once I tried to use the internet something just wasn't right. I started getting some redirects, which I know are signs of malware infection. I ran through the steps (Malwarebytes scan, DeFogger, DDS, attach, and GMER). I'm not sure if the GMER scan finished correctly because it gave me a message that it detected rootkit activity. Any help is much appreciated. Here are my logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6028
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
3/12/2011 1:15:04 AM
mbam-log-2011-03-12 (01-15-04).txt
Scan type: Quick scan
Objects scanned: 184395
Time elapsed: 22 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
c:\WINDOWS\Temp\1820 (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 1:30:42.14 on Sat 03/12/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.491 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Logitech\QuickCam10\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Documents and 
Settings\administrator.AUCTIONINN\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.ask.com?o=14196&l=dis uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe" mRun: [HP Software Update] c:\program 
files\hp\hp software update\HPWuSchd2.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: 
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Notify: igfxcui - igfxsrvc.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\admini~1.auc\applic~1\mozilla\firefox\profiles\f0bc7g4u.default\ FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBook.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpClipBookDB.dll FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon2\components\hpSmartSelect.dll FF - component: c:\program files\hp\digital 
imaging\smart web printing\mozillaaddon2\components\hpSmartWebPrinting.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
============= SERVICES / DRIVERS ===============
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
S0 mjju;mjju; [x]
S0 qdtnrrvor;qdtnrrvor;c:\windows\system32\drivers\qdtnrrvor.sys [2010-11-23 0]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 Ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2006-12-5 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2006-12-5 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2006-12-5 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2006-12-5 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2006-12-5 69632]
.
=============== Created Last 30 ================
.
2011-03-12 05:20:20 431144 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2011-03-12 05:19:24 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2011-03-12 05:19:23 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2011-03-12 04:12:46 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-12 04:09:50 -------- d-----w- c:\program files\Lavasoft
2011-03-11 17:06:50 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Auslogics
2011-03-11 17:05:05 -------- d-----w- c:\program files\Auslogics
2011-03-11 16:53:49 -------- d-----w- c:\program files\WinMend
2011-03-10 18:11:23 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-08 20:46:00 0 ----a-w- c:\windows\isopozadutodi.dll
2011-03-08 20:44:14 -------- d-----w- c:\program files\Search Toolbar
2011-03-08 20:43:50 -------- d-----w- c:\program files\Yontoo Layers Client
2011-03-08 20:43:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2011-03-08 19:44:24 0 ----a-w- c:\windows\upekifas.dll
2011-03-04 15:06:15 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\oovootb
2011-03-03 18:53:33 -------- d-----w- c:\docume~1\admini~1.auc\applic~1\Malwarebytes
2011-03-03 18:53:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-03 18:53:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-03 18:53:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-03 18:53:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 20:45:57 0 ----a-w- c:\windows\ayusoxiwuv.dll
2011-03-02 20:40:55 0 ----a-w- c:\windows\obohexopakenup.dll
2011-02-11 15:08:53 0 ----a-w- c:\windows\ezunopaf.dll
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2040AH rev.00830096 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86B50446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86b56504]; MOV EAX, [0x86b56580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86AF8AB8]
3 CLASSPNP[0xF7637FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000088[0x86B729E8]
5 ACPI[0xF749E620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x86B76940]
\Driver\atapi[0x86B66398] -> IRP_MJ_CREATE -> 0x86B50446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskFUJITSU_MHV2040AH_______________________00830096#5&e876a3d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86B50292
user != kernel MBR !!!
sectors 78140158 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 1:33:02.15 ===============
attach.zip
-
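The GMER output in the post above flags the infection by reading sector 0 twice: once from user mode through the disk stack, where the hooked atapi DriverStartIo shown in the trace can hand back a clean copy, and once from its own driver below the hook, then comparing the two ("user != kernel MBR"). The Python below is an added example, not part of the original post and not GMER's code, showing that comparison on two constructed 512-byte images. The "kernel" image carries boot code encoded from the first instructions of the disassembly GMER printed; the "user" image is a placeholder clean bootstrap; the one-partition layout and the 78,140,160-sector disk size are assumptions, not values taken from the log.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # classic MBR layout: boot code occupies bytes 0..439
PART_TABLE_OFFSET = 446  # four 16-byte partition entries
SIGNATURE_OFFSET = 510   # 0x55 0xAA


def parse_partition_table(mbr):
    """Return the non-empty entries of the 4-slot partition table."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, num_sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0:
            entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": num_sectors})
    return entries


def unallocated_tail_sectors(mbr, disk_sectors):
    """Sectors after the last partition ends; TDL4 keeps its hidden file system there."""
    ends = [p["lba_start"] + p["sectors"] for p in parse_partition_table(mbr)]
    return disk_sectors - max(ends) if ends else disk_sectors


def compare_mbr(user_mbr, kernel_mbr):
    """Byte-compare the two reads and report which MBR region changed."""
    if len(user_mbr) != SECTOR_SIZE or len(kernel_mbr) != SECTOR_SIZE:
        raise ValueError("MBR images must be exactly 512 bytes")
    diff = [i for i in range(SECTOR_SIZE) if user_mbr[i] != kernel_mbr[i]]
    return {
        "signature_ok": kernel_mbr[SIGNATURE_OFFSET:] == b"\x55\xaa",
        "boot_code_differs": any(i < BOOT_CODE_END for i in diff),
        "partition_table_differs": any(PART_TABLE_OFFSET <= i < SIGNATURE_OFFSET for i in diff),
        "first_diff": diff[0] if diff else None,
        "diff_bytes": len(diff),
    }


def verdict(report):
    """Reduce a compare_mbr() report to the one-line call GMER makes."""
    if not report["signature_ok"]:
        return "kernel MBR has no 55AA signature: not a valid MBR"
    if report["diff_bytes"] == 0:
        return "user == kernel MBR: nothing hides the boot sector"
    if report["boot_code_differs"] and not report["partition_table_differs"]:
        return "user != kernel MBR: boot code replaced, partition table intact (TDL4-style)"
    return "user != kernel MBR: partition table also differs"


# ---- constructed sample images (not dumps from the machine in the log) ----
def build_mbr(boot_code, partitions):
    img = bytearray(SECTOR_SIZE)
    img[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba_start, num_sectors) in enumerate(partitions):
        off = PART_TABLE_OFFSET + 16 * i
        img[off] = 0x80 if bootable else 0x00
        img[off + 4] = ptype
        struct.pack_into("<II", img, off + 8, lba_start, num_sectors)
    img[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(img)


# Assumed layout: one bootable NTFS (0x07) partition on an assumed 40 GB disk.
PARTITIONS = [(True, 0x07, 63, 78_124_032)]
DISK_SECTORS = 78_140_160

# Placeholder for the original bootstrap that the rootkit shows to user-mode readers.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c") + b"\x90" * 20

# Encoded from the first instructions of the disassembly in the GMER output above:
#   XOR AX,AX; MOV SS,AX; MOV SP,7C00h; MOV ES,AX; MOV DS,AX; MOV SI,7C00h;
#   MOV DI,600h; MOV CX,200h; CLD; REP MOVSB; PUSH AX; PUSH 61Ch; RETF
ROOTKIT_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cb")

USER_MBR = build_mbr(CLEAN_BOOT_CODE, PARTITIONS)      # what the hooked stack returns
KERNEL_MBR = build_mbr(ROOTKIT_BOOT_CODE, PARTITIONS)  # what is really on sector 0

if __name__ == "__main__":
    report = compare_mbr(USER_MBR, KERNEL_MBR)
    print(verdict(report), report)
    print("unallocated tail sectors:", unallocated_tail_sectors(KERNEL_MBR, DISK_SECTORS))
```

The partition-table check is the part worth keeping: a bootkit that wants the system to keep booting leaves the table alone and only swaps the 440 bytes of code, so a mismatch confined to that region with an intact table is the TDL4 pattern, while a table mismatch usually means the two reads came from different disks or a wrong device path. The unallocated tail is where the hidden file system sits; on this disk the log reports the mismatch at sector 78140158 and the 255 after it.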
PC Infected with Malware Please help
Bdr187 replied to Bdr187's topic in Resolved Malware Removal Logs
Thanks a bunch for all your help! Much appreciated! -
PC Infected with Malware Please help
Bdr187 replied to Bdr187's topic in Resolved Malware Removal Logs
I think that did the trick. No more redirects and now the Chrome browser is working. Here is the log:

ComboFix 10-06-17.03 - BDR 06/18/2010 22:10:51.1.1 - x86
Running from: c:\documents and settings\BDR\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Lister\g2mdlhlpx.exe
c:\documents and settings\Lister\Local Settings\Application Data\Windows Server
c:\documents and settings\Lister\Start Menu\Programs\Startup\ntuser_mssec.exe
c:\documents and settings\Lister\Start Menu\Programs\Startup\sisytj32.exe
c:\windows\system32\1.txt
c:\windows\system32\1891678095.dat
c:\windows\system32\2.txt
c:\windows\system32\3618941941.dat
c:\windows\system32\acctresy.exe
c:\windows\system32\acleditx.exe
c:\windows\system32\admwproxo.exe
c:\windows\system32\Cache
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\system
c:\windows\system32\win.com
Infected copy of c:\windows\system32\DRIVERS\intelppm.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSQLSERVERUPNPHOST
-------\Legacy_OSEW3SVC
-------\Legacy_SENSANTIVIRSCHEDULERSERVICE
-------\Service_MSSQLServerupnphost
-------\Service_oseW3SVC
-------\Service_SENSAntiVirSchedulerService
((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
.
2010-06-19 02:07 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-06-19 02:07 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2010-06-19 01:59 . 2010-06-19 01:59 -------- d-----w- c:\documents and settings\BDR\Application Data\Malwarebytes
2010-06-18 18:45 . 2010-06-19 02:09 0 ----a-w- c:\windows\system32\aaclientf.sys
2010-06-18 03:02 .
2010-06-18 03:48 -------- d-----w- c:\documents and settings\BDR\Application Data\BitTorrent 2010-06-18 01:57 . 2010-06-18 01:57 -------- d-----w- c:\documents and settings\BDR\Application Data\vlc 2010-06-18 01:57 . 2010-06-18 01:57 -------- d-----w- c:\documents and settings\BDR\Application Data\DivX 2010-06-18 01:46 . 2010-06-18 01:47 -------- d-----w- c:\documents and settings\BDR\Local Settings\Application Data\Adobe 2010-06-18 01:43 . 2010-06-18 01:43 -------- d-sh--w- c:\documents and settings\BDR\IECompatCache 2010-06-18 01:42 . 2010-06-18 01:42 -------- d-sh--w- c:\documents and settings\BDR\PrivacIE 2010-06-18 01:38 . 2010-06-18 01:38 -------- d-----w- c:\documents and settings\BDR\Application Data\Avira 2010-06-18 01:36 . 2010-06-18 01:36 19200 ----a-w- c:\documents and settings\BDR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-16 17:42 . 2010-06-19 02:10 828018 --sha-w- c:\windows\system32\acctresyb.sys 2010-06-16 05:09 . 2010-06-07 20:16 220024 ----a-w- c:\windows\sigcheck.exe 2010-06-16 04:39 . 2010-06-16 04:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-06-15 19:07 . 2010-06-18 01:49 -------- d-----w- c:\documents and settings\BDR\Local Settings\Application Data\Temp 2010-06-15 19:07 . 2010-06-15 19:13 -------- d-----w- c:\documents and settings\BDR\Local Settings\Application Data\Google 2010-06-15 18:53 . 2010-06-15 18:53 -------- d-----w- c:\documents and settings\BDR\Local Settings\Application Data\Mozilla 2010-06-15 04:58 . 2010-06-15 04:58 -------- d-----w- c:\program files\Java 2010-06-15 04:02 . 2010-06-15 05:28 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-06-15 03:32 . 2010-06-15 03:32 -------- d-----w- C:\_OTL 2010-06-12 01:04 . 2010-06-12 01:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2010-06-11 19:16 . 
2010-06-11 19:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira 2010-06-11 19:09 . 2010-06-11 19:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-06-11 10:29 . 2010-06-11 10:29 -------- d-----w- c:\windows\system32\wbem\Repository 2010-06-11 08:44 . 2010-06-11 10:28 -------- d-----w- c:\windows\system32\NtmsData 2010-06-11 02:50 . 2010-06-11 02:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-06-11 01:50 . 2010-06-11 01:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-06-10 22:20 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-06 03:11 . 2010-06-06 03:11 -------- d--h--w- c:\windows\PIF 2010-06-06 03:07 . 2010-06-10 19:48 -------- d-----w- c:\documents and settings\Lister\Application Data\vlc 2010-06-06 03:05 . 2010-06-06 03:05 -------- d-----w- c:\program files\VideoLAN 2010-06-06 03:03 . 2010-06-07 02:42 -------- d-----w- c:\documents and settings\Lister\Application Data\DivX 2010-06-06 03:03 . 2010-04-27 18:40 133616 ------w- c:\windows\system32\pxafs.dll 2010-06-06 03:03 . 2010-04-27 18:40 126448 ------w- c:\windows\system32\pxinsi64.exe 2010-06-06 03:03 . 2010-04-27 18:40 123888 ------w- c:\windows\system32\pxcpyi64.exe 2010-06-06 03:02 . 2010-06-06 03:02 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-06-06 02:58 . 2010-06-06 03:03 -------- d-----w- c:\program files\DivX 2010-06-06 02:57 . 2010-06-06 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX 2010-05-26 18:53 . 2010-06-06 03:03 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-05-20 15:17 . 2010-05-20 15:17 -------- d-sh--w- c:\documents and settings\Lister\IECompatCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-15 04:58 . 
2010-04-30 01:47 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-14 17:32 . 2004-08-04 08:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-06-09 17:13 . 2010-04-19 03:49 -------- d-----w- c:\documents and settings\Lister\Application Data\BitTorrent 2010-06-06 03:04 . 2010-06-06 03:04 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-06-06 03:02 . 2010-06-06 03:02 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe 2010-06-06 03:02 . 2010-06-06 03:02 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe 2010-06-06 03:02 . 2010-06-06 03:02 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-06-06 03:02 . 2010-06-06 03:02 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe 2010-06-06 03:02 . 2010-06-06 03:02 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe 2010-06-06 02:58 . 2010-06-06 03:03 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll 2010-06-06 02:57 . 2010-04-19 03:47 -------- d-----w- c:\program files\Xvid 2010-06-06 02:57 . 2010-06-06 03:03 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe 2010-05-27 11:13 . 2010-05-27 11:13 503808 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-673e8d63-n\msvcp71.dll 2010-05-27 11:13 . 2010-05-27 11:13 499712 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-673e8d63-n\jmc.dll 2010-05-27 11:13 . 2010-05-27 11:13 348160 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-673e8d63-n\msvcr71.dll 2010-05-27 11:13 . 
2010-05-27 11:13 12800 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49c26213-n\decora-d3d.dll 2010-05-27 11:13 . 2010-05-27 11:13 61440 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-49c26213-n\decora-sse.dll 2010-05-26 18:54 . 2007-08-13 19:40 -------- d-----w- c:\documents and settings\Lister\Application Data\Thunderbird 2010-05-22 04:27 . 2010-05-18 01:10 -------- d-----w- c:\documents and settings\Lister\Application Data\AVI ReComp 2010-05-18 01:09 . 2010-05-18 01:09 -------- d-----w- c:\program files\AVI ReComp 2010-05-18 01:09 . 2010-05-18 01:09 -------- d-----w- c:\program files\Gabest 2010-05-18 01:09 . 2010-05-18 01:09 -------- d-----w- c:\program files\AviSynth 2.5 2010-05-18 00:56 . 2010-05-18 00:56 -------- d-----w- c:\program files\Common Files\Solveig Multimedia 2010-05-18 00:56 . 2010-05-18 00:56 -------- d-----w- c:\program files\Solveig Multimedia 2010-05-18 00:52 . 2010-05-18 00:52 -------- d-----w- c:\program files\FREE Hi-Q Recorder 2010-05-18 00:46 . 2010-05-18 00:46 -------- d-----w- c:\program files\Quick AVI Splitter 2010-05-06 10:41 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2004-08-04 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-30 02:08 . 2010-04-30 02:08 -------- d-----w- c:\program files\CCleaner 2010-04-30 01:47 . 2010-04-30 01:47 503808 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a0a9bca-n\msvcp71.dll 2010-04-30 01:47 . 2010-04-30 01:47 499712 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a0a9bca-n\jmc.dll 2010-04-30 01:47 . 2010-04-30 01:47 348160 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5a0a9bca-n\msvcr71.dll 2010-04-30 01:47 . 
2010-04-30 01:47 61440 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-62635b9f-n\decora-sse.dll 2010-04-30 01:47 . 2010-04-30 01:47 12800 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-62635b9f-n\decora-d3d.dll 2010-04-30 01:46 . 2010-04-30 01:46 79488 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll 2010-04-30 01:46 . 2010-04-30 01:46 152576 ----a-w- c:\documents and settings\Lister\Application Data\Sun\Java\jre1.6.0_20\lzma.dll 2010-04-27 18:40 . 2009-09-15 16:10 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys 2010-04-27 18:40 . 2009-09-15 16:10 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2010-04-27 18:40 . 2008-11-20 19:19 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys 2010-04-27 03:15 . 2010-04-19 03:49 -------- d-----w- c:\program files\BitTorrent 2010-04-25 18:20 . 2005-05-19 15:54 19200 -c--a-w- c:\documents and settings\Lister\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-04-25 18:19 . 2010-04-25 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2010-04-25 18:05 . 2010-04-25 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM 2010-04-25 18:04 . 2005-06-15 20:27 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-25 17:39 . 2010-04-25 17:39 -------- d-----w- c:\program files\Adobe Media Player 2010-04-25 17:33 . 2010-04-25 17:33 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-04-25 17:31 . 2010-04-25 17:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-04-25 17:14 . 2010-04-25 17:14 -------- d-----w- c:\documents and settings\Lister\Application Data\Ashampoo 2010-04-25 17:13 . 2010-04-25 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo 2010-04-25 17:12 . 
2010-04-25 17:12 -------- d-----w- c:\program files\Ashampoo 2010-04-20 05:30 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-03-30 04:46 . 2009-09-23 20:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-30 04:45 . 2009-09-23 20:11 20824 ----a-w- c:\windows\system32\drivers\mbam.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\BDR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-15 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209] "srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-06 524800] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"%windir%\\system32\\sessmgr.exe"= R2 PVDMAutoSvc;PaperVision Automation Server;c:\program files\Digitech Systems\Common Files\PVDMAUTOSVC.EXE [x] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] . Contents of the 'Scheduled Tasks' folder 2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1007Core.job - c:\documents and settings\Lister\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-18 01:18] 2010-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1007UA.job - c:\documents and settings\Lister\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-18 01:18] 2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job - c:\documents and settings\BDR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-15 19:07] 2010-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job - c:\documents and settings\BDR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-15 19:07] 2010-06-19 c:\windows\Tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] 2010-06-19 c:\windows\Tasks\User_Feed_Synchronization-{AD9B2600-D458-4D89-AE8F-76494E1C43E6}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://go.compaq.com/1Q00CDT/0409/bl7.asp mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\BDR\Application Data\Mozilla\Firefox\Profiles\34l4k4yx.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - plugin: c:\documents and settings\BDR\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-18 22:23 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\mssql7\binn\sqlservr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\AGRSMMSG.exe
c:\mssql7\Binn\sqlmangr.exe
.
**************************************************************************
.
Completion time: 2010-06-18 22:27:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-19 02:27
Pre-Run: 17,326,874,624 bytes free
Post-Run: 17,468,321,792 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - C97B5F2C8939DE10CB460A7DC2C8E71F -
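The "Other Deletions" and "Files Created" listings in the ComboFix log above are where triage starts: the zero-byte aaclientf.sys dropped in system32, the system+hidden acctresyb.sys listed a little further down, the system32\lowsec store, and executables placed in a user's Startup folder. The Python below is an added example, not ComboFix's code and not part of the original post; it parses both "Files Created" line shapes that occur in the logs on this page and applies those four rules while leaving hidden+system directories such as IECompatCache alone. The sample lines are copied from the logs here, except the Startup-folder line, whose size and timestamps are constructed (only its path comes from the log).

```python
import re
from pathlib import PureWindowsPath

# Both "Files Created" line shapes that appear in the ComboFix logs on this page:
#   2011-03-08 20:46:00 0 ----a-w- c:\windows\isopozadutodi.dll
#   2010-06-16 17:42 . 2010-06-19 02:10 828018 --sha-w- c:\windows\system32\acctresyb.sys
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>\S.*?)\s*$",
    re.IGNORECASE,
)

# Directories where a freshly created zero-byte or hidden+system module deserves a look.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\system32\drivers"}
MODULE_EXTS = {".dll", ".sys", ".exe"}


def parse_entry(line):
    """Return a dict for one listing line, or None for banners and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"].lower()
    return {
        "created": m["created"],
        "modified": m["modified"],
        "size": None if m["size"].startswith("-") else int(m["size"]),
        "directory": "d" in attrs,
        "hidden": "h" in attrs,
        "system": "s" in attrs,
        "path": m["path"].lower(),
    }


def triage(entry):
    """Return the reasons (possibly none) this entry deserves attention."""
    reasons = []
    if entry["directory"]:
        # Hidden+system directories such as IECompatCache/PrivacIE are created by IE itself.
        return reasons
    p = PureWindowsPath(entry["path"])
    parent, ext = str(p.parent), p.suffix
    if parent in SYSTEM_DIRS and ext in MODULE_EXTS and entry["size"] == 0:
        reasons.append(f"zero-byte {ext} in {parent}")
    if parent in SYSTEM_DIRS and entry["hidden"] and entry["system"]:
        reasons.append(f"hidden+system file in {parent}")
    if "\\system32\\lowsec\\" in entry["path"]:
        reasons.append("file under system32\\lowsec (Zbot configuration store)")
    if "\\start menu\\programs\\startup\\" in entry["path"] and ext == ".exe":
        reasons.append("executable dropped into a Startup folder")
    return reasons


def triage_log(text):
    """Map each flagged path to its reasons; lines that are not entries are skipped."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                flagged[entry["path"]] = reasons
    return flagged


# Sample lines copied from the logs on this page, plus one constructed Startup-folder
# entry (its size and timestamps are invented; only the path comes from the log).
SAMPLE_LOG = r"""
2011-03-08 20:46:00 0 ----a-w- c:\windows\isopozadutodi.dll
2011-03-08 20:44:14 -------- d-----w- c:\program files\Search Toolbar
2011-03-03 18:53:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-16 17:42 . 2010-06-19 02:10 828018 --sha-w- c:\windows\system32\acctresyb.sys
2010-06-18 18:45 . 2010-06-19 02:09 0 ----a-w- c:\windows\system32\aaclientf.sys
2010-06-19 02:07 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-06-18 01:43 . 2010-06-18 01:43 -------- d-sh--w- c:\documents and settings\BDR\IECompatCache
2010-06-14 23:38 . 2010-06-14 23:38 79872 ----a-w- c:\documents and settings\Lister\Start Menu\Programs\Startup\sisytj32.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

The rules are deliberately narrow: a zero-byte module in a Windows system directory and a hidden+system file there are rare on a clean machine, so they cost few false positives, while a rule on random-looking names would need a judgement call the log does not support. A legitimately replaced driver such as the restored intelppm.sys passes all four rules, which is the point: ComboFix's own "Infected copy ... was found and disinfected" line is the signal for that case, not the file listing.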
PC Infected with Malware Please help
Bdr187 replied to Bdr187's topic in Resolved Malware Removal Logs
Still redirecting. I checked my roommate's computer and asked the other one; they are not having the same issue.

GooredFix by jpshortstuff (08.01.10.1)
Log created at 14:41 on 18/06/2010 (BDR)
Firefox version 3.5.9 (en-US)
========== GooredScan ==========
(none)
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:36 16/10/2008]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [05:00 15/06/2010]
C:\Documents and Settings\BDR\Application Data\Mozilla\Firefox\Profiles\34l4k4yx.default\extensions\
(none)
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [04:59 15/06/2010]
-=E.O.F=- -
PC Infected with Malware Please help
Bdr187 replied to Bdr187's topic in Resolved Malware Removal Logs
If I do that, will I have to redo the setup and network key? I am using a wireless router, and I have two other roommates who are using it. What do you think resetting the router will accomplish? -
PC Infected with Malware Please help
Bdr187 replied to Bdr187's topic in Resolved Malware Removal Logs
I am still getting some redirects when using search engines on Mozilla Firefox. Also, recently Avira quarantined the file C:\SystemVolumeInformation\_restore{D0D4C289-1775-4E84-B8F1-E8133151EDAF}\RP7\A0012364.exe for a TR/Meredrop.A.10870 -
PC Infected with Malware Please help
Bdr187 replied to Bdr187's topic in Resolved Malware Removal Logs
Well, still experiencing some issues with that particular user account. Certain things won't load correctly or work. For example, the Add/Remove Programs list doesn't load correctly, and sometimes I have trouble logging off or shutting down. Also, things seem to take longer to install. I created a new user account and things seem to be running smoother, although I still can't get Google Chrome to run. I have uninstalled and reinstalled it, but every time I bring it up it crashes. -
PC Infected with Malware Please help
Bdr187 replied to Bdr187's topic in Resolved Malware Removal Logs
I ran OTL without changing Standard Registry and Drivers to All; here are the results:

OTL logfile created on: 6/17/2010 3:26:34 PM - Run 4
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Lister\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.76 Gb Free Space | 44.98% Space Free | Partition Type: NTFS
Drive D: | 562.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 145.87 Gb Total Space | 115.62 Gb Free Space | 79.26% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LISTINGPA0113
Current User Name: Lister
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/04/21 21:52:42 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlservr.exe PRC - [1998/11/13 02:06:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlmangr.exe ========== Modules (SafeList) ========== MOD - [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (PVDMAutoSvc) SRV - [2010/04/25 13:31:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/04/21 21:52:42 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/04/13 20:12:36 | 000,092,160 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\acctresy.exe -- (MSSQLServerupnphost) SRV - [2008/04/13 20:12:36 | 000,079,872 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\acleditx.exe -- (oseW3SVC) SRV - [2008/04/13 20:12:36 | 000,079,360 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\admwproxo.exe -- (SENSAntiVirSchedulerService) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\MSSQL7\Binn\sqlservr.exe -- (MSSQLServer) SRV - [1998/11/13 02:09:58 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL7\Binn\sqlagent.exe -- (SQLServerAgent) ========== Driver Services (SafeList) ========== DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- 
(avgntflt) DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs) DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt) DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2002/05/08 14:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi) DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 03:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.2.2 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/15 00:23:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 21:47:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/26 14:53:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/06/05 23:03:45 | 000,000,000 | ---D | M] [2010/05/26 14:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions [2010/05/26 14:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/06/17 01:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions [2010/05/20 16:48:06 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2009/06/29 16:02:07 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Lister\Application 
Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} [2009/06/29 16:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\anycolor.pavlos256@gmail.com [2010/06/17 01:02:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/06/15 01:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/06/15 00:59:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2010/06/14 23:38:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Lister\Start Menu\Programs\Startup\sisytj32.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google 
Inc.) O15 - HKCU\..Trusted Domains: infopia.com ([app] https in Trusted sites) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://auctioninn.expressdynamics.com/glob...rts/ScriptX.cab (MeadCo ScriptX) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20World/Images/armhelper.ocx (ArmHelper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe () O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - File not found O24 - Desktop WallPaper: C:\Documents and Settings\Lister\My Documents\Downloads\wallpaper-phils500px2.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lister\My Documents\Downloads\wallpaper-phils500px2.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/07/16 11:38:10 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{a6132d6c-f271-11db-8e54-000ffe1ad6f5}\Shell\AutoRun\command - "" = E:\GETMYPIX.EXE -- File not found O34 - HKLM 
BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/16 01:09:37 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe [2010/06/16 00:57:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver [2010/06/15 01:00:55 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/15 01:00:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/15 01:00:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/15 01:00:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/15 00:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/06/14 23:32:53 | 000,000,000 | ---D | C] -- C:\_OTL [2010/06/14 13:41:28 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe [2010/06/14 13:30:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec [2010/06/14 13:24:36 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Lister\Desktop\TDSSKiller.exe [2010/06/14 07:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/06/14 07:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/06/11 15:08:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010/06/11 06:38:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lister\Recent [2010/06/11 06:08:36 | 000,000,000 | ---D | C] -- C:\ComboFix [2010/06/11 06:06:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/06/11 04:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/06/10 21:50:06 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\Lister\Local Settings\Application Data\Windows Server [2010/06/10 18:20:24 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010/06/05 23:11:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010/06/05 23:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Application Data\vlc [2010/06/05 23:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010/06/05 23:03:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lister\My Documents\My Videos [2010/06/05 23:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Application Data\DivX [2010/06/05 23:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\My Documents\DivX Movies [2010/06/05 23:03:16 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll [2010/06/05 23:03:16 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll [2010/06/05 23:03:16 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe [2010/06/05 23:03:16 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe [2010/06/05 23:03:16 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe [2010/06/05 23:03:16 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe [2010/06/05 23:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2010/06/05 22:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010/06/05 22:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010/06/03 23:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\infinitos [2010/06/02 15:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\photos [2010/05/26 14:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2010/05/25 11:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\Copy of 
final-project [2010/05/23 14:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\final-project [2010/05/23 14:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\final-project3 [2010/05/22 00:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\photoshop class [2010/05/20 13:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\modelportfolio [2010/05/20 11:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\WJTL [2010/05/20 11:17:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lister\IECompatCache [1 C:\Documents and Settings\Lister\*.tmp files -> C:\Documents and Settings\Lister\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/17 15:32:22 | 000,283,118 | ---- | M] () -- C:\WINDOWS\System32\aaclientf.sys [2010/06/17 15:31:06 | 000,255,543 | -HS- | M] () -- C:\WINDOWS\System32\acctresyb.sys [2010/06/17 15:25:52 | 000,425,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/17 15:25:52 | 000,068,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/17 15:25:51 | 000,502,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/17 15:23:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job [2010/06/17 15:23:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/17 15:21:37 | 000,000,372 | --S- | M] () -- C:\WINDOWS\System32\3618941941.dat [2010/06/17 15:20:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/17 15:20:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/17 01:12:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job [2010/06/17 01:10:38 | 004,307,242 | -H-- | M] () -- C:\Documents and Settings\Lister\Local Settings\Application Data\IconCache.db [2010/06/17 00:30:47 | 000,000,280 | --S- | 
M] () -- C:\WINDOWS\System32\1891678095.dat [2010/06/17 00:14:26 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Lister\ntuser.dat [2010/06/17 00:14:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Lister\ntuser.ini [2010/06/16 00:57:43 | 000,013,719 | ---- | M] () -- C:\WINDOWS\look.bat [2010/06/16 00:55:49 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\maxlook.exe [2010/06/15 15:12:05 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job [2010/06/15 14:04:45 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\paradise.xls [2010/06/15 01:28:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/15 00:58:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/15 00:58:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/15 00:58:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/15 00:58:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/15 00:58:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\deployJava1.dll [2010/06/14 23:38:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe [2010/06/11 21:19:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lister\defogger_reenable [2010/06/11 21:01:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\qb6qvrow.exe [2010/06/11 21:01:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\dds.scr [2010/06/11 21:00:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\Defogger.exe [2010/06/10 22:07:39 | 001,997,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/06/10 15:43:52 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Lister\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/09 23:18:57 | 000,038,787 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\cdrw5-28-10.ashprj [2010/06/09 18:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekday Scanner.job [2010/06/07 16:16:54 | 000,220,024 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe [2010/06/06 17:56:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job [2010/06/05 23:06:22 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/06/05 23:03:49 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\DivX Movies.lnk [2010/06/05 23:03:31 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/06/05 23:03:10 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Lister\Desktop\TDSSKiller.exe [2010/05/26 22:00:00 | 000,035,328 | ---- | M] () -- 
C:\Documents and Settings\Lister\Desktop\consignments.xls [2010/05/26 14:53:53 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2010/05/24 16:10:00 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\uc.doc [2010/05/23 22:11:58 | 000,007,118 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\bradmix5-20.ashprj [1 C:\Documents and Settings\Lister\*.tmp files -> C:\Documents and Settings\Lister\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/16 13:42:00 | 000,255,135 | -HS- | C] () -- C:\WINDOWS\System32\acctresyb.sys [2010/06/16 13:42:00 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\aaclientf.sys [2010/06/16 00:57:31 | 000,013,719 | ---- | C] () -- C:\WINDOWS\look.bat [2010/06/16 00:56:24 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\maxlook.exe [2010/06/15 15:07:41 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job [2010/06/15 15:07:40 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job [2010/06/15 00:02:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/14 13:19:33 | 000,000,372 | --S- | C] () -- C:\WINDOWS\System32\3618941941.dat [2010/06/11 21:19:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lister\defogger_reenable [2010/06/11 21:19:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\dds.scr [2010/06/11 21:19:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\qb6qvrow.exe [2010/06/11 21:19:40 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\Defogger.exe [2010/06/10 22:10:54 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Lister\ntuser.dat [2010/06/10 21:46:42 | 000,000,280 | --S- | C] () -- C:\WINDOWS\System32\1891678095.dat [2010/06/10 21:46:25 | 
000,000,004 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dhxiuw.dat [2010/06/05 23:06:21 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/06/05 23:03:49 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\DivX Movies.lnk [2010/06/05 23:03:31 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/06/05 23:03:10 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/06/01 15:18:09 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\paradise.xls [2010/05/28 14:06:54 | 000,038,787 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\cdrw5-28-10.ashprj [2010/05/26 14:57:53 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\consignments.xls [2010/05/26 14:53:53 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2010/05/24 16:10:00 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\uc.doc [2010/05/21 16:39:44 | 000,007,118 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\bradmix5-20.ashprj [2010/05/20 11:17:19 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job [2009/12/02 14:49:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\.picasa.ini [2009/06/07 10:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/06/07 10:16:12 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/02/13 22:30:24 | 000,000,121 | ---- | C] () -- C:\WINDOWS\System32\IeeeU.sys [2009/02/08 17:45:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\tencent.sys [2009/02/08 08:48:29 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\liuliuwang.sys [2009/02/08 08:47:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\dRfT.sys [2009/02/07 19:49:42 | 
000,000,064 | ---- | C] () -- C:\WINDOWS\System32\lopd.sys [2009/01/30 23:50:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\Ls09.sys [2009/01/28 14:50:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/01/27 17:01:21 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\IU.sys [2009/01/23 20:44:44 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\dboy1.sys [2009/01/23 20:44:42 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\v6XXaks8.sys [2009/01/20 17:34:39 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_Q.ini [2006/06/06 11:36:33 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2006/06/06 11:36:33 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2006/06/06 11:36:08 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2006/06/06 11:36:08 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2006/06/06 11:36:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2006/01/12 18:24:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\bi_group.ini [2006/01/12 18:15:57 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll [2005/05/08 14:32:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/05/08 14:28:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/05/08 14:27:42 | 000,001,058 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/02/03 16:26:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Custom Scans ========== < MD5 for: REDBOOK.SYS > [2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:redbook.sys [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys [2008/07/12 11:15:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys [2008/07/12 11:15:43 | 023,852,652 | ---- | M] () .cab file -- 
C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys [2004/08/04 01:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys [2008/04/13 14:40:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\dllcache\redbook.sys [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\drivers\REDBOOK.SYS [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () MD5=FD6603E11F3AAB8DF4D279D3AC95BF06 -- C:\WINDOWS\maxdriver\redbook.sys < End of report > -
PC Infected with Malware Please help
Bdr187 replied to Bdr187's topic in Resolved Malware Removal Logs
========== FILES ========== File C:\WINDOWS\system32\drivers\redbook.sys successfully replaced with C:\WINDOWS\ServicePackFiles\i386\redbook.sys ========== COMMANDS ========== OTL by OldTimer - Version 3.2.6.0 log created on 06172010_001328 OTL logfile created on: 6/17/2010 12:22:37 AM - Run 3 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Lister\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.26 Gb Total Space | 16.77 Gb Free Space | 45.00% Space Free | Partition Type: NTFS Drive D: | 562.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 145.87 Gb Total Space | 115.62 Gb Free Space | 79.26% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LISTINGPA0113 Current User Name: Lister Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010/04/26 21:45:27 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/04/21 21:52:42 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlservr.exe PRC - [1998/11/13 02:06:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\MSSQL7\Binn\sqlmangr.exe ========== Modules (SafeList) ========== MOD - [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (PVDMAutoSvc) SRV - [2010/04/25 13:31:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/04/21 21:52:42 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008/04/13 20:12:36 | 000,092,160 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\acctresy.exe -- (MSSQLServerupnphost) SRV - [2008/04/13 20:12:36 | 000,079,872 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\acleditx.exe -- (oseW3SVC) SRV - [2008/04/13 20:12:36 | 000,079,360 | --S- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\admwproxo.exe -- (SENSAntiVirSchedulerService) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [1998/11/27 23:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\MSSQL7\Binn\sqlservr.exe -- (MSSQLServer) SRV - [1998/11/13 02:09:58 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\MSSQL7\Binn\sqlagent.exe -- (SQLServerAgent) ========== Driver Services (All) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra) DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow) DRV - File not found [Kernel | Disabled | 
Stopped] -- -- (Simbad) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080) DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib) DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u) DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn) DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray) DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p) DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc) DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint) DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde) DRV - File not found [Kernel | Disabled | Stopped] 
-- -- (Aha154x) DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5) DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk) DRV - [2010/06/14 13:32:37 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip) DRV - [2010/04/27 14:40:40 | 000,045,648 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb) DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv) DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP) DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD) DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/13 14:40:28 | 000,057,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 14:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 14:31:31 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\p3.sys -- (P3)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 04:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 04:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 04:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 04:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 04:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 04:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 04:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 04:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 04:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 04:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 04:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 04:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2003/09/17 21:44:00 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2003/08/29 18:09:00 | 000,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/08/03 19:16:08 | 000,120,094 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/08/03 19:16:00 | 000,096,858 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/08/03 19:15:04 | 000,091,419 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2002/05/08 14:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2002/04/01 10:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 16:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 12:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys -- (aic78xx)
DRV - [2001/08/17 12:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys -- (aic78u2)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys -- (adpu160m)
DRV - [2001/08/17 04:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 03:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.2.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/06/15 00:59:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/15 00:23:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 21:47:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/26 14:53:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/06/05 23:03:45 | 000,000,000 | ---D | M]

[2010/05/26 14:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions
[2010/05/26 14:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/10/16 09:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/06/16 00:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions
[2010/05/20 16:48:06 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/06/29 16:02:07 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2009/06/29 16:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lister\Application Data\Mozilla\Firefox\Profiles\76k5crmz.default\extensions\anycolor.pavlos256@gmail.com
[2010/06/16 00:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 21:45:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/06/15 01:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/26 21:45:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/26 21:45:24 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/06/15 00:59:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/26 21:45:34 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/04/26 21:45:35 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/26 21:45:35 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/26 21:45:35 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/26 21:45:35 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/26 21:45:35 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/26 21:45:35 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/26 21:45:35 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/06/14 23:38:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Lister\Start Menu\Programs\Startup\ntuser_mssec.exe ()
O4 - Startup: C:\Documents and Settings\Lister\Start Menu\Programs\Startup\sisytj32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: infopia.com ([app] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Jojo's%20Fashion%20Show/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://auctioninn.expressdynamics.com/glob...rts/ScriptX.cab (MeadCo ScriptX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20World/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole 
DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage 
{76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe () O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - File not found O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - 
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Lister\My Documents\Downloads\wallpaper-phils500px2.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lister\My Documents\Downloads\wallpaper-phils500px2.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft 
Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/07/16 11:38:10 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{a6132d6c-f271-11db-8e54-000ffe1ad6f5}\Shell\AutoRun\command - "" = E:\GETMYPIX.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/06/16 01:09:37 | 000,220,024 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe [2010/06/16 00:57:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver [2010/06/15 01:00:55 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/15 01:00:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/06/15 01:00:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/15 01:00:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2010/06/15 00:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/06/14 23:32:53 | 000,000,000 | ---D | C] -- C:\_OTL [2010/06/14 13:41:28 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe [2010/06/14 13:30:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec [2010/06/14 13:24:36 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Lister\Desktop\TDSSKiller.exe [2010/06/14 07:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/06/14 07:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/06/11 15:08:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010/06/11 06:38:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lister\Recent [2010/06/11 06:08:36 | 000,000,000 | ---D | C] -- C:\ComboFix [2010/06/11 06:06:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/06/11 04:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010/06/10 21:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Local Settings\Application Data\Windows Server [2010/06/10 18:20:24 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010/06/05 23:11:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010/06/05 23:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Application Data\vlc [2010/06/05 23:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2010/06/05 23:03:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lister\My Documents\My Videos [2010/06/05 23:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Application Data\DivX [2010/06/05 23:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\My Documents\DivX Movies [2010/06/05 23:03:16 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll [2010/06/05 23:03:16 | 
000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll [2010/06/05 23:03:16 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe [2010/06/05 23:03:16 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe [2010/06/05 23:03:16 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe [2010/06/05 23:03:16 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe [2010/06/05 23:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2010/06/05 22:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010/06/05 22:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX [2010/06/03 23:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\infinitos [2010/06/02 15:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\photos [2010/05/26 14:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2010/05/25 11:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\Copy of final-project [2010/05/23 14:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\final-project [2010/05/23 14:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\final-project3 [2010/05/22 00:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\photoshop class [2010/05/20 13:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\modelportfolio [2010/05/20 11:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lister\Desktop\WJTL [2010/05/20 11:17:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lister\IECompatCache [1 C:\Documents and Settings\Lister\*.tmp files -> C:\Documents and Settings\Lister\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/06/17 00:28:31 | 000,390,236 | ---- | M] () -- 
C:\WINDOWS\System32\aaclientf.sys [2010/06/17 00:27:57 | 000,729,894 | -HS- | M] () -- C:\WINDOWS\System32\acctresyb.sys [2010/06/17 00:21:15 | 000,425,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/17 00:21:15 | 000,068,202 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/17 00:21:13 | 000,502,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/17 00:20:24 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job [2010/06/17 00:18:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/17 00:16:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/17 00:16:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/17 00:14:26 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Lister\ntuser.dat [2010/06/17 00:14:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Lister\ntuser.ini [2010/06/17 00:13:55 | 004,307,088 | -H-- | M] () -- C:\Documents and Settings\Lister\Local Settings\Application Data\IconCache.db [2010/06/17 00:12:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job [2010/06/16 13:42:02 | 000,000,372 | --S- | M] () -- C:\WINDOWS\System32\3618941941.dat [2010/06/16 13:38:24 | 000,000,235 | --S- | M] () -- C:\WINDOWS\System32\1891678095.dat [2010/06/16 00:57:43 | 000,013,719 | ---- | M] () -- C:\WINDOWS\look.bat [2010/06/16 00:55:49 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\maxlook.exe [2010/06/15 15:12:05 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job [2010/06/15 14:04:45 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\paradise.xls [2010/06/15 01:28:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/15 00:58:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javaws.exe [2010/06/15 00:58:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/06/15 00:58:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/06/15 00:58:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/06/15 00:58:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/06/14 23:38:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010/06/14 13:40:47 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lister\Desktop\OTL.exe [2010/06/11 21:19:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Lister\defogger_reenable [2010/06/11 21:01:52 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\qb6qvrow.exe [2010/06/11 21:01:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\dds.scr [2010/06/11 21:00:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\Defogger.exe [2010/06/10 22:07:39 | 001,997,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/06/10 15:43:52 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Lister\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/09 23:18:57 | 000,038,787 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\cdrw5-28-10.ashprj [2010/06/09 18:15:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekday Scanner.job [2010/06/07 16:16:54 | 000,220,024 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\sigcheck.exe [2010/06/06 17:56:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job [2010/06/05 23:06:22 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/06/05 23:03:49 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\DivX 
Movies.lnk [2010/06/05 23:03:31 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/06/05 23:03:10 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/05/31 10:41:12 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Lister\Desktop\TDSSKiller.exe [2010/05/26 22:00:00 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Lister\Desktop\consignments.xls [2010/05/26 14:53:53 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2010/05/24 16:10:00 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\uc.doc [2010/05/23 22:11:58 | 000,007,118 | ---- | M] () -- C:\Documents and Settings\Lister\My Documents\bradmix5-20.ashprj [1 C:\Documents and Settings\Lister\*.tmp files -> C:\Documents and Settings\Lister\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/16 13:42:00 | 000,727,414 | -HS- | C] () -- C:\WINDOWS\System32\acctresyb.sys [2010/06/16 13:42:00 | 000,061,834 | ---- | C] () -- C:\WINDOWS\System32\aaclientf.sys [2010/06/16 00:57:31 | 000,013,719 | ---- | C] () -- C:\WINDOWS\look.bat [2010/06/16 00:56:24 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\maxlook.exe [2010/06/15 15:07:41 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018UA.job [2010/06/15 15:07:40 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1535821286-3378883779-1973138654-1018Core.job [2010/06/15 00:02:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/06/14 13:19:33 | 000,000,372 | --S- | C] () -- C:\WINDOWS\System32\3618941941.dat [2010/06/11 21:19:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Lister\defogger_reenable [2010/06/11 21:19:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\dds.scr 
[2010/06/11 21:19:40 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\qb6qvrow.exe [2010/06/11 21:19:40 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\Defogger.exe [2010/06/10 22:10:54 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Lister\ntuser.dat [2010/06/10 21:46:42 | 000,000,235 | --S- | C] () -- C:\WINDOWS\System32\1891678095.dat [2010/06/10 21:46:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\dhxiuw.dat [2010/06/05 23:06:21 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2010/06/05 23:03:49 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\DivX Movies.lnk [2010/06/05 23:03:31 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2010/06/05 23:03:10 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2010/06/01 15:18:09 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\paradise.xls [2010/05/28 14:06:54 | 000,038,787 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\cdrw5-28-10.ashprj [2010/05/26 14:57:53 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Lister\Desktop\consignments.xls [2010/05/26 14:53:53 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2010/05/24 16:10:00 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\uc.doc [2010/05/21 16:39:44 | 000,007,118 | ---- | C] () -- C:\Documents and Settings\Lister\My Documents\bradmix5-20.ashprj [2010/05/20 11:17:19 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3CEE98FE-820D-476B-80C3-A47DCB8D2626}.job [2009/12/02 14:49:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\.picasa.ini [2009/06/07 10:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/06/07 10:16:12 | 
000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/02/13 22:30:24 | 000,000,121 | ---- | C] () -- C:\WINDOWS\System32\IeeeU.sys [2009/02/08 17:45:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\System32\tencent.sys [2009/02/08 08:48:29 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\liuliuwang.sys [2009/02/08 08:47:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\dRfT.sys [2009/02/07 19:49:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\lopd.sys [2009/01/30 23:50:13 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\Ls09.sys [2009/01/28 14:50:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/01/27 17:01:21 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\IU.sys [2009/01/23 20:44:44 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\dboy1.sys [2009/01/23 20:44:42 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\v6XXaks8.sys [2009/01/20 17:34:39 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_Q.ini [2006/06/06 11:36:33 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2006/06/06 11:36:33 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2006/06/06 11:36:08 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2006/06/06 11:36:08 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2006/06/06 11:36:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2006/01/12 18:24:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\bi_group.ini [2006/01/12 18:15:57 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll [2005/05/08 14:32:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/05/08 14:28:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/05/08 14:27:42 | 000,001,058 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/05/08 14:21:12 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys [2003/02/03 16:26:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2003/01/07 18:05:08 | 
000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Custom Scans ========== < MD5 for: REDBOOK.SYS > [2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:redbook.sys [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys [2008/07/12 11:15:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys [2008/07/12 11:15:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys [2004/08/04 01:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) MD5=B31B4588E4086D8D84ADBF9845C2402B -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys [2008/04/13 14:40:28 | 000,057,600 | ---- | M] () MD5=EC0F6B19BB73F55CC3F0C455F54F0C5D -- C:\WINDOWS\system32\drivers\redbook.sys [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys [2008/04/13 14:40:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\dllcache\redbook.sys [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () MD5=FD6603E11F3AAB8DF4D279D3AC95BF06 -- C:\WINDOWS\maxdriver\redbook.sys < End of report > -
PC Infected with Malware Please help
Bdr187 replied to Bdr187's topic in Resolved Malware Removal Logs
Below is my OTL log. Also, Avira has been detecting a "TR/Patched.Gen" found in the file "C:\WINDOWS\maxdriver\redbook.sys"; should I remove that file the next time the alert pops up?

OTL logfile created on: 6/16/2010 1:38:44 PM - Run 2 OTL by OldTimer - Version 3.2.6.0
C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP) DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec) DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt) DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud) DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup) DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio) DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs) DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial) DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat) DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs) DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem) DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe) DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- 
C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy) DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac) DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi) DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp) DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat) DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp) DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc) DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS) DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio) DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM) DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw) DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc) DRV - [2008/04/13 14:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- 
(usbccgp) DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR) DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub) DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci) DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci) DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb) DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud) DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer) DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi) DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter) DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic) DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio) DRV - [2008/04/13 
14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave) DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap) DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi) DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr) DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy) DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk) DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom) DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde) DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi) DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde) DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook) DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc) DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk) DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum) DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport) DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum) DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV) DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM) DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK) DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass) DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass) DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update) DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr) DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr) DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- 
(mssmbios) DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI) DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp) DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt) DRV - [2008/04/13 14:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\compbatt.sys -- (Compbatt) DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI) DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips) DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr) DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr) DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV) DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs) DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs) DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) 
[File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs) DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm) DRV - [2008/04/13 14:31:31 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\p3.sys -- (P3) DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec) DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd) DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf) DRV - [2005/03/04 12:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004/08/04 04:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk) DRV - [2004/08/04 04:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV - [2004/08/04 04:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd) DRV - [2004/08/04 04:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio) DRV - [2004/08/04 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004/08/04 04:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti) DRV - [2004/08/04 04:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [2004/08/04 04:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt) DRV - [2004/08/04 04:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC) DRV - [2004/08/04 04:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd) DRV - [2004/08/04 04:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm) DRV - [2004/08/04 04:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) 
[Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload) DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD) DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd) DRV - [2004/08/04 04:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep) DRV - [2004/08/04 04:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null) DRV - [2004/08/03 13:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004/08/03 13:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004/08/03 13:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004/08/03 13:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004/08/03 13:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004/08/03 13:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004/08/03 13:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004/08/03 13:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- 
(iAimTV0) DRV - [2004/08/03 13:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004/08/03 13:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004/08/03 13:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004/08/03 13:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004/08/03 13:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004/08/03 13:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004/08/03 13:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2003/09/17 21:44:00 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel® DRV - [2003/08/29 18:09:00 | 000,578,304 | ---- | M] (Analog Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm) DRV - [2003/08/03 19:16:08 | 000,120,094 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) DRV - [2003/08/03 19:16:00 | 000,096,858 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) DRV - [2003/08/03 19:15:04 | 000,091,419 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2002/05/08 14:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi) DRV - [2002/04/01 10:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio) DRV - [2001/08/17 16:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde) DRV - [2001/08/17 13:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid) DRV - [2001/08/17 12:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o) DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 12:07:38 | 000,056,960 | ---- | M] 
(Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys -- (aic78xx) DRV - [2001/08/17 12:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys -- (aic78u2) DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 12:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys -- (adpu160m) DRV - [2001/08/17 04:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub) DRV - [2001/08/17 03:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.2.2 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program 