MBam won't remove antimalware doctor/microsoft security essentials/spcmdcom.sys



Antimalware Doctor/Microsoft Security Essentials/spcmdcom.sys: all of these seem to be affecting my computer at once. MBAM doesn't remove them. I have been reading up on this forum and it seems like I'm going to need to run OTL. So I went ahead and did that. Any help would be much appreciated.

OTL logfile created on: 10/20/2010 10:36:59 AM - Run 1

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Searchlight Comics\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 691.00 Mb Available Physical Memory | 68.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 113.47 Gb Total Space | 18.80 Gb Free Space | 16.57% Space Free | Partition Type: NTFS

Drive F: | 29.65 Gb Total Space | 25.00 Gb Free Space | 84.32% Space Free | Partition Type: NTFS

Drive G: | 1.92 Gb Total Space | 1.81 Gb Free Space | 93.98% Space Free | Partition Type: FAT

Computer Name: LAPTOP | User Name: Searchlight Comics | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Searchlight Comics\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Searchlight Comics\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)

SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)

SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)

SRV - (nmservice) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)

SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)

SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)

SRV - (lxci_device) -- C:\WINDOWS\System32\lxcicoms.exe ( )

SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()

SRV - (WisFnCtrlSvc) -- C:\Program Files\PM Agent\WisFnCtrlSvc.exe (Wistron Corp.)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found

DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()

DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()

DRV - (DKRtWrt) -- C:\WINDOWS\system32\drivers\DKRtWrt.sys (Diskeeper Corporation)

DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)

DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)

DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (Cam5603D) -- C:\WINDOWS\system32\drivers\BisonCam.sys (Bison Electronics. Inc. )

DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)

DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()

DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (TVTPktFilter) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys (Lenovo Group Limited)

DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608

FF - prefs.js..extensions.enabledItems: {F8E5F8BE-1E4C-4AD8-B0A0-FAABB8D136D7}:1.9.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/17 12:32:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{F8E5F8BE-1E4C-4AD8-B0A0-FAABB8D136D7}: C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\{F8E5F8BE-1E4C-4AD8-B0A0-FAABB8D136D7} [2010/10/19 21:30:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/20 09:33:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 09:33:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/20 14:35:32 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/22 14:20:40 | 000,000,000 | ---D | M]

[2010/09/09 15:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Extensions

[2010/09/09 15:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2008/08/06 22:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/10/19 18:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions

[2009/09/26 10:57:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/03/11 09:04:51 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

[2010/05/18 22:14:29 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

[2009/05/24 13:10:27 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009/05/23 19:19:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009/04/19 21:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\dave2x@download

[2010/07/14 20:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\LogMeInClient@logmein.com

[2009/05/20 22:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\moveplayer@movenetworks.com

[2009/12/10 18:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\TechnicianConsole@logmeinrescue.com

[2010/10/20 09:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/20 09:33:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008/08/06 21:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2008/12/17 12:32:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2010/02/08 16:21:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010/10/20 09:33:26 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/20 09:33:26 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

[2009/12/17 18:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2010/10/20 09:33:31 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/08/22 14:20:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/08/22 14:20:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/08/22 14:20:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/08/22 14:20:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/08/22 14:20:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/08/22 14:20:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/08/22 14:20:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/10/18 09:56:32 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/18 09:56:32 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/18 09:56:32 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/18 09:56:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/18 09:56:33 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/10/18 09:56:33 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/18 09:56:33 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/02 23:24:50 | 000,411,396 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 14217 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)

O4 - HKLM..\Run: [bsMnt] C:\WINDOWS\BisonCam\BsMnt.exe ()

O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [LXCICATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.DLL (Lexmark International Inc.)

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Ntacetohekafom] C:\WINDOWS\odomipobe.DLL (MPC-HC Team)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

O4 - HKCU..\Run: [mediarealease70x700hh.exe] C:\Documents and Settings\Searchlight Comics\Application Data\FC6BCBC365901A48201EB68D1596A914\mediarealease70x700hh.exe (?????????? ??????????)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKCU..\RunOnce: [998652] C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\998652.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )

O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/11/13 13:35:04 | 000,000,052 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/04/05 15:16:56 | 000,000,090 | ---- | M] () - G:\AUTORUN.INF -- [ FAT ]

O33 - MountPoints2\{42b0e680-6650-11de-91b8-001f3adc5863}\Shell - "" = AutoRun

O33 - MountPoints2\{42b0e680-6650-11de-91b8-001f3adc5863}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{42b0e680-6650-11de-91b8-001f3adc5863}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{47974cb0-ab9c-11df-b178-001f3adc5863}\Shell - "" = AutoRun

O33 - MountPoints2\{47974cb0-ab9c-11df-b178-001f3adc5863}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{47974cb0-ab9c-11df-b178-001f3adc5863}\Shell\AutoRun\command - "" = H:\iStudio.exe -- File not found

O33 - MountPoints2\{8dfee434-6764-11de-91b9-001f3adc5863}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe

O33 - MountPoints2\{92838a13-ddae-11dd-918b-001f3adc5863}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- [2008/04/14 05:42:42 | 000,028,672 | ---- | M] (Microsoft Corporation)

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2007/02/21 11:50:42 | 000,751,824 | ---- | M] (Conexant Systems, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/20 10:29:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Searchlight Comics\Desktop\OTL.exe

[2010/10/20 09:48:41 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/10/20 09:48:13 | 000,546,224 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Searchlight Comics\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete

[2010/10/20 09:37:23 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Searchlight Comics\Desktop\avgremover-1.exe

[2010/10/20 03:16:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/20 03:09:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/20 02:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2010/10/20 02:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager

[2010/10/19 22:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/10/19 22:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/10/19 21:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\{F8E5F8BE-1E4C-4AD8-B0A0-FAABB8D136D7}

[2010/10/19 21:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update

[2010/10/19 21:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Application Data\Uzzaiw

[2010/10/19 21:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Application Data\Neywo

[2010/10/19 21:26:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/19 21:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Application Data\FC6BCBC365901A48201EB68D1596A914

[2010/09/29 16:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Application Data\NewSoft

[2010/09/29 16:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\NewSoft

[2010/09/26 09:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Extractor

[2010/09/23 16:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2009/01/06 20:25:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Searchlight Comics\Application Data\pcouffin.sys

[2008/10/28 09:48:26 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcihcp.dll

[2008/10/28 09:48:25 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciinpa.dll

[2008/10/28 09:48:25 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciiesc.dll

[2008/10/28 09:48:24 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciusb1.dll

[2008/10/28 09:48:23 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciserv.dll

[2008/10/28 09:48:22 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciprox.dll

[2008/10/28 09:48:21 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipplc.dll

[2008/10/28 09:48:20 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipmui.dll

[2008/10/28 09:48:19 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcilmpm.dll

[2008/10/28 09:48:16 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcihbn3.dll

[2008/10/28 09:48:11 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomc.dll

[2008/10/28 09:48:11 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomm.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2087/08/09 10:15:50 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2087/08/09 10:15:50 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/20 10:26:10 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/20 10:25:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/20 10:24:06 | 000,002,529 | ---- | M] () -- C:\WINDOWS\lsrslt.ini

[2010/10/20 10:21:31 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI

[2010/10/20 10:20:27 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2010/10/20 10:20:26 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\ZKFOB.job

[2010/10/20 08:47:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qguyoxired.dat

[2010/10/20 03:16:30 | 000,000,321 | -H-- | M] () -- C:\boot.ini

[2010/10/20 02:58:31 | 000,002,548 | ---- | M] () -- C:\config.xml

[2010/10/20 02:58:24 | 000,000,456 | ---- | M] () -- C:\WINDOWS\System32\RW_FileFlag.dat

[2010/10/20 02:58:23 | 000,021,792 | ---- | M] () -- C:\WINDOWS\System32\RW_FileType.dat

[2010/10/20 02:28:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job

[2010/10/20 01:48:41 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Shortcut to iExplore.lnk

[2010/10/20 01:40:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\prvlcl.dat

[2010/10/20 01:29:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Afoxogovitogol.bin

[2010/10/19 23:40:00 | 003,880,843 | R--- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\ComboFix.exe

[2010/10/19 22:21:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Searchlight Comics\Desktop\OTL.exe

[2010/10/19 21:29:47 | 000,069,632 | RHS- | M] () -- C:\WINDOWS\System32\tlntsessp.dll

[2010/10/19 21:28:02 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Application Data\37898.bat

[2010/10/19 21:27:57 | 000,958,464 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\998652.exe

[2010/10/19 21:27:23 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Application Data\33084.bat

[2010/10/19 21:27:22 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Application Data\41204.bat

[2010/10/19 18:14:21 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\ComicEbayInventory.lnk

[2010/10/19 13:10:09 | 002,773,594 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\revise prices.csv

[2010/10/19 03:12:34 | 000,546,224 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Searchlight Comics\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete

[2010/10/09 18:11:08 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\iExplore.exe

[2010/10/09 18:11:08 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\123.com

[2010/09/30 16:37:35 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll

[2010/09/30 16:37:35 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll

[2010/09/30 16:37:35 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll

[2010/09/29 17:17:39 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\My Documents\Robert_Abendschoen_Resume[2].doc

[2010/09/29 16:12:03 | 002,338,333 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Liberty Meadows 20 Back.jpg

[2010/09/29 16:08:29 | 004,329,047 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Liberty Meadows 20 Front.jpg

[2010/09/26 21:06:17 | 000,059,097 | ---- | M] () -- C:\WINDOWS\KernelMessage

[2010/09/25 09:42:25 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\My Documents\db1.mdb

[2010/09/20 10:49:41 | 000,024,650 | ---- | M] () -- C:\WINDOWS\System32\RW_AppData.dat

[2010/09/20 10:49:41 | 000,002,464 | ---- | M] () -- C:\WINDOWS\System32\RW_{FC6A118D-0837-11DE-91A2-001F3ADC5863}.dat

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/20 10:29:13 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\RKUnhookerLE.EXE

[2010/10/20 03:09:39 | 003,880,843 | R--- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\ComboFix.exe

[2010/10/20 02:58:31 | 000,002,548 | ---- | C] () -- C:\config.xml

[2010/10/20 02:56:26 | 000,002,529 | ---- | C] () -- C:\WINDOWS\lsrslt.ini

[2010/10/20 02:07:33 | 001,709,408 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\taskmanager17.exe

[2010/10/20 01:50:00 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\iExplore.exe

[2010/10/20 01:48:41 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Shortcut to iExplore.lnk

[2010/10/20 01:18:11 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\123.com

[2010/10/19 21:30:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qguyoxired.dat

[2010/10/19 21:30:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Afoxogovitogol.bin

[2010/10/19 21:29:50 | 000,000,330 | -HS- | C] () -- C:\WINDOWS\tasks\ZKFOB.job

[2010/10/19 21:29:47 | 000,069,632 | RHS- | C] () -- C:\WINDOWS\System32\tlntsessp.dll

[2010/10/19 21:28:06 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job

[2010/10/19 21:28:02 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\37898.bat

[2010/10/19 21:27:57 | 000,958,464 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\998652.exe

[2010/10/19 21:27:23 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\33084.bat

[2010/10/19 21:27:22 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\41204.bat

[2010/10/19 13:08:48 | 002,773,594 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\revise prices.csv

[2010/10/13 23:27:12 | 000,002,563 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\ComicEbayInventory.lnk

[2010/09/29 16:12:03 | 002,338,333 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Liberty Meadows 20 Back.jpg

[2010/09/29 16:08:29 | 004,329,047 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Liberty Meadows 20 Front.jpg

[2010/09/25 09:37:52 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\My Documents\db1.mdb

[2010/09/20 10:49:41 | 000,024,650 | ---- | C] () -- C:\WINDOWS\System32\RW_AppData.dat

[2010/09/20 10:49:41 | 000,002,464 | ---- | C] () -- C:\WINDOWS\System32\RW_{FC6A118D-0837-11DE-91A2-001F3ADC5863}.dat

[2010/07/03 11:31:46 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/01/31 23:04:33 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys

[2010/01/31 23:04:32 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys

[2009/12/08 23:00:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\prvlcl.dat

[2009/11/07 18:30:16 | 000,023,361 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\Comma Separated Values (Windows).ADR

[2009/11/07 15:40:56 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\$_hpcst$.hpc

[2009/07/07 17:23:38 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmAudio.INI

[2009/06/12 09:30:52 | 000,000,012 | ---- | C] () -- C:\WINDOWS\atiry80.dll

[2009/06/12 09:13:33 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\FlicPlusSDK_Win32_API.dll

[2009/05/24 12:11:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2009/02/17 11:44:30 | 000,000,217 | ---- | C] () -- C:\WINDOWS\{2E11BFE5-B43B-466C-AD32-C522770576FD}_WiseFW.ini

[2009/02/06 16:00:19 | 000,000,031 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2009/01/06 20:25:27 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\vso_ts_preview.xml

[2009/01/06 20:25:10 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\pcouffin.log

[2009/01/06 20:25:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\inst.exe

[2009/01/06 20:25:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\pcouffin.cat

[2009/01/06 20:25:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\pcouffin.inf

[2009/01/01 22:26:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2008/11/22 13:38:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/10/28 10:00:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL

[2008/10/28 09:56:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll

[2008/10/28 09:55:41 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll

[2008/10/28 09:50:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcivs.dll

[2008/10/28 09:49:56 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcicoin.dll

[2008/10/28 09:49:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcicnv4.dll

[2008/10/28 09:48:26 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxciinst.dll

[2008/10/22 12:13:38 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2008/10/22 12:12:33 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2008/08/28 14:33:06 | 000,000,896 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/08/12 14:59:50 | 000,224,256 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/08/06 21:29:20 | 000,006,370 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2008/08/06 21:29:20 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\4132A8E190.sys

[2008/07/10 08:14:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/07/10 07:56:01 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2008/07/10 07:47:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/07/10 07:47:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/07/10 07:47:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/07/10 07:47:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/07/10 07:47:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/07/10 07:47:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008/07/10 07:42:09 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2008/07/10 07:42:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll

[2008/07/10 07:40:11 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS

[2008/07/10 07:40:02 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2008/07/10 07:39:43 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini

[2007/08/16 06:28:38 | 000,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI

[2007/08/16 06:28:27 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2007/02/09 15:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/11/12 00:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006/04/30 02:55:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mwigacc32.dll

[2006/04/29 20:04:28 | 000,004,370 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/01/30 10:00:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1018.DLL

[2005/12/21 17:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll

[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll

[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll

[2004/03/04 09:43:40 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SN4Codec.dll

[2003/05/09 10:06:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\tjpegcodec.dll

[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/10/20 09:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2008/08/27 19:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2008/11/05 12:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BayLister

[2009/07/21 18:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland

[2008/10/28 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2009/06/08 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chronos Process Integration

[2009/06/10 14:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES

[2010/02/01 09:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

[2009/06/08 21:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dynacom

[2009/08/03 19:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FireFox

[2010/07/03 11:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/09/10 17:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Human Computing

[2008/09/02 19:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2010/02/02 07:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2010/07/16 21:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware

[2008/07/10 07:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2010/02/03 18:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions

[2010/04/21 12:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion

[2009/04/29 17:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate

[2010/10/20 02:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2009/02/06 16:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2008/08/06 21:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaskMgr

[2009/07/08 06:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/10/20 00:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update

[2009/12/10 17:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs

[2010/02/10 21:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010/08/22 14:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/10/29 13:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/06/08 21:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B73EC431-2F59-4E5E-9CEA-001681A75E3E}

[2009/06/04 20:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Azureus

[2009/06/15 15:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Business Suite

[2009/08/01 09:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Canneverbe_Limited

[2009/06/08 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Chronos Process Integration

[2009/03/08 18:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\cYo

[2009/04/11 11:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\DC++

[2009/06/08 21:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Dynacom

[2010/01/04 12:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Endicia

[2010/10/20 02:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\FC6BCBC365901A48201EB68D1596A914

[2008/09/29 12:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\GamesCafe

[2010/09/10 17:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Human Computing

[2008/11/28 13:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\InfraRecorder

[2009/01/01 19:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\InterVideo

[2008/10/01 08:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\iWin

[2008/08/06 21:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Leadertech

[2008/09/02 19:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Lenovo

[2009/07/21 18:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Listomax

[2009/12/10 18:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\LogMeIn Rescue

[2008/08/21 21:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\MSNInstaller

[2010/09/29 16:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\NewSoft

[2010/10/19 21:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Neywo

[2009/07/08 16:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Orbit

[2010/04/21 12:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Research In Motion

[2009/10/30 13:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Resource Tuner

[2009/06/15 17:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Softplicity

[2009/06/30 08:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Stamps.com Internet Postage

[2010/09/09 15:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Thunderbird

[2010/07/05 11:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\uTorrent

[2010/10/20 10:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Uzzaiw

[2010/07/22 22:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Vso

[2010/07/16 21:22:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\Pareto UNS.job

[2010/10/20 02:28:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job

[2010/10/20 10:20:26 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\Tasks\ZKFOB.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/02/02 07:25:22 | 000,001,024 | ---- | M] () -- C:\.rnd

[2006/04/30 03:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/01/06 20:05:46 | 000,000,061 | ---- | M] () -- C:\Avi2Dvd_Log.txt

[2010/10/20 03:16:30 | 000,000,321 | -H-- | M] () -- C:\boot.ini

[2010/05/22 20:20:21 | 000,004,584 | ---- | M] () -- C:\bootex.log

[2006/04/30 03:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/10/20 02:58:31 | 000,002,548 | ---- | M] () -- C:\config.xml

[2009/01/04 20:48:27 | 000,000,039 | ---- | M] () -- C:\debug.txt

[2008/07/10 07:48:17 | 000,001,496 | ---- | M] () -- C:\drivez.log

[2007/02/02 22:37:00 | 000,000,017 | ---- | M] () -- C:\initrd.pam

[2010/01/31 21:57:35 | 000,001,648 | ---- | M] () -- C:\InstallHelper.log

[2006/04/30 03:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2007/03/20 03:32:34 | 000,000,065 | ---- | M] () -- C:\kernel.pam

[2010/07/03 12:15:55 | 000,002,304 | ---- | M] () -- C:\lxci.log

[2006/04/30 03:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/11/22 13:43:22 | 000,000,056 | ---- | M] () -- C:\MSg.txt

[2009/10/05 11:26:22 | 000,000,549 | ---- | M] () -- C:\NTDClient.log

[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/09/11 08:20:44 | 000,250,048 | RHS- | M] () -- C:\NTLDR

[2010/10/20 10:25:29 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

[2010/10/20 10:23:56 | 000,000,220 | ---- | M] () -- C:\rkill.log

[2008/07/10 07:40:07 | 000,000,086 | ---- | M] () -- C:\setup.log

[2008/10/28 10:02:39 | 000,000,172 | ---- | M] () -- C:\setupfax.log

[2008/07/10 07:29:29 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl

[2010/07/03 12:34:01 | 000,054,814 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_03.07.2010_12.32.42_log.txt

[2010/07/03 12:47:08 | 000,054,086 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_03.07.2010_12.45.03_log.txt

[2010/10/20 09:07:04 | 000,054,704 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_20.10.2010_09.06.40_log.txt

[2010/10/20 10:25:44 | 000,003,768 | ---- | M] () -- C:\TPHKLOCK.TXT

< %systemroot%\system32\*dll /lockedfiles >

[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll

[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

[2010/10/19 21:29:47 | 000,069,632 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\tlntsessp.dll

[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

[2010/10/20 10:20:26 | 000,000,330 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\ZKFOB.job

< %systemroot%\system32\drivers\*.sys /90 >

[2010/10/20 09:08:03 | 000,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2005/11/07 20:00:00 | 000,130,560 | ---- | M] (?????????? ??????????) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1q93cE.dll

[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2006/01/30 10:00:00 | 000,049,152 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL

[2010/09/30 16:37:35 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll

[2007/01/30 07:16:28 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcipp5c.dll

[2003/01/16 20:37:14 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxPrint2000.dll

[2007/12/10 09:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ZIMFPRNT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:F558EB63EC52EC5B

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69DD03D4

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1CF9611

< End of report >


OTL Extras logfile created on: 10/20/2010 10:36:59 AM - Run 1

OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Searchlight Comics\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 691.00 Mb Available Physical Memory | 68.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 113.47 Gb Total Space | 18.80 Gb Free Space | 16.57% Space Free | Partition Type: NTFS

Drive F: | 29.65 Gb Total Space | 25.00 Gb Free Space | 84.32% Space Free | Partition Type: NTFS

Drive G: | 1.92 Gb Total Space | 1.81 Gb Free Space | 93.98% Space Free | Partition Type: FAT

Computer Name: LAPTOP | User Name: Searchlight Comics | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port

"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- File not found

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\WINDOWS\system32\lxcicoms.exe" = C:\WINDOWS\system32\lxcicoms.exe:*:Enabled:7300 Series Server -- ( )

"C:\Program Files\MidTen Media\Comic Collector Live\CCL.exe" = C:\Program Files\MidTen Media\Comic Collector Live\CCL.exe:*:Enabled:Comic Collector Live -- File not found

"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- File not found

"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java Platform SE binary -- File not found

"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:


Hello bobabby

Welcome to Malwarebytes.

=====================

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKCU..\Run: [mediarealease70x700hh.exe] C:\Documents and Settings\Searchlight Comics\Application Data\FC6BCBC365901A48201EB68D1596A914\mediarealease70x700hh.exe (?????????? ??????????)
    O4 - HKCU..\RunOnce: [998652] C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\998652.exe ()
    [2010/10/19 21:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Application Data\Uzzaiw
    [2010/10/19 21:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Application Data\Neywo
    [2010/10/19 21:26:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
    [2010/10/19 21:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Application Data\FC6BCBC365901A48201EB68D1596A914
    [2010/10/19 21:30:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qguyoxired.dat
    [2010/10/19 21:30:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Afoxogovitogol.bin
    [2010/10/19 21:29:50 | 000,000,330 | -HS- | C] () -- C:\WINDOWS\tasks\ZKFOB.job
    [2010/10/19 21:28:02 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\37898.bat
    [2010/10/19 21:27:57 | 000,958,464 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\998652.exe
    [2010/10/19 21:27:23 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\33084.bat
    [2010/10/19 21:27:22 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\41204.bat
    [2005/11/07 20:00:00 | 000,130,560 | ---- | M] (?????????? ??????????) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\1q93cE.dll
    [2010/10/19 21:29:47 | 000,069,632 | RHS- | C] () -- C:\WINDOWS\System32\tlntsessp.dll


    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

========

Then delete your version of Combofix and do the following:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Ok please do the following then.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Note: if it finds a locked service named Userinit or vbma*.sys, choose for it to delete it. (The * stands for numbers.)


I forgot to select delete for the vbma the 1st time. So here is the 1st log.

2010/10/22 19:01:57.0640 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/22 19:01:57.0640 ================================================================================

2010/10/22 19:01:57.0640 SystemInfo:

2010/10/22 19:01:57.0640

2010/10/22 19:01:57.0640 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/22 19:01:57.0640 Product type: Workstation

2010/10/22 19:01:57.0640 ComputerName: LAPTOP

2010/10/22 19:01:57.0640 UserName: Searchlight Comics

2010/10/22 19:01:57.0640 Windows directory: C:\WINDOWS

2010/10/22 19:01:57.0640 System windows directory: C:\WINDOWS

2010/10/22 19:01:57.0640 Processor architecture: Intel x86

2010/10/22 19:01:57.0640 Number of processors: 2

2010/10/22 19:01:57.0640 Page size: 0x1000

2010/10/22 19:01:57.0640 Boot type: Normal boot

2010/10/22 19:01:57.0640 ================================================================================

2010/10/22 19:01:58.0375 Initialize success

2010/10/22 19:02:08.0218 ================================================================================

2010/10/22 19:02:08.0218 Scan started

2010/10/22 19:02:08.0218 Mode: Manual;

2010/10/22 19:02:08.0218 ================================================================================


2010/10/22 19:02:16.0546 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/22 19:02:16.0578 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/22 19:02:16.0609 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/22 19:02:16.0640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/22 19:02:16.0687 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

2010/10/22 19:02:16.0843 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/22 19:02:16.0921 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/22 19:02:16.0968 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/22 19:02:17.0109 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/22 19:02:17.0234 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

2010/10/22 19:02:17.0312 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

2010/10/22 19:02:17.0421 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

2010/10/22 19:02:17.0500 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys

2010/10/22 19:02:17.0562 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/10/22 19:02:17.0609 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/22 19:02:17.0656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/22 19:02:17.0750 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/22 19:02:17.0828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/22 19:02:17.0859 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/22 19:02:17.0937 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/10/22 19:02:18.0046 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/22 19:02:18.0125 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/22 19:02:18.0234 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/22 19:02:18.0265 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/22 19:02:18.0328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/22 19:02:18.0343 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/22 19:02:18.0375 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/22 19:02:18.0500 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/22 19:02:18.0562 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/22 19:02:18.0609 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/22 19:02:18.0656 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/22 19:02:18.0781 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/22 19:02:18.0828 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/22 19:02:18.0859 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/22 19:02:18.0906 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/22 19:02:18.0953 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/22 19:02:19.0062 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/22 19:02:19.0109 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/22 19:02:19.0234 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

2010/10/22 19:02:19.0453 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/22 19:02:19.0515 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/22 19:02:19.0578 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/22 19:02:19.0718 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/22 19:02:19.0828 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/22 19:02:19.0984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/22 19:02:20.0000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/22 19:02:20.0062 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/22 19:02:20.0109 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/22 19:02:20.0125 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/22 19:02:20.0156 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/22 19:02:20.0171 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/22 19:02:20.0218 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/22 19:02:20.0359 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/22 19:02:20.0406 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2010/10/22 19:02:20.0500 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/10/22 19:02:20.0515 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/10/22 19:02:20.0640 pgfilter (2ee7f9a01fac4d7c5516a5c3ce130fd7) C:\Program Files\PeerGuardian2\pgfilter.sys

2010/10/22 19:02:20.0796 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys

2010/10/22 19:02:20.0859 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/22 19:02:20.0921 PROCDD (c9ca089787aa4ca892f2173a8e15c1b0) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS

2010/10/22 19:02:21.0062 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/22 19:02:21.0125 psadd (aac08defb15aaab00b30341c716efa35) C:\WINDOWS\system32\DRIVERS\psadd.sys

2010/10/22 19:02:21.0187 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/22 19:02:21.0203 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/22 19:02:21.0250 pwdrvio (99cf0190f1f346cb0a0bbd1873683425) C:\WINDOWS\system32\pwdrvio.sys

2010/10/22 19:02:21.0406 pwdspio (57febcc5f8c577faad55b0ff2d617826) C:\WINDOWS\system32\pwdspio.sys

2010/10/22 19:02:21.0453 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/22 19:02:21.0500 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/10/22 19:02:21.0515 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/10/22 19:02:21.0546 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/10/22 19:02:21.0562 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/10/22 19:02:21.0578 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/10/22 19:02:21.0609 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/22 19:02:21.0750 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/22 19:02:21.0781 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/22 19:02:21.0796 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/22 19:02:21.0859 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/22 19:02:21.0937 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/22 19:02:22.0015 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/22 19:02:22.0062 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/22 19:02:22.0203 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/22 19:02:22.0281 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2010/10/22 19:02:22.0343 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2010/10/22 19:02:22.0390 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys

2010/10/22 19:02:22.0500 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2010/10/22 19:02:22.0609 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2010/10/22 19:02:22.0656 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2010/10/22 19:02:22.0703 s24trans (2220783b32a9f91df87f3e8315f091e7) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2010/10/22 19:02:22.0859 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2010/10/22 19:02:22.0968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/22 19:02:23.0015 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/22 19:02:23.0093 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/22 19:02:23.0156 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

2010/10/22 19:02:23.0234 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

2010/10/22 19:02:23.0296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2010/10/22 19:02:23.0421 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/10/22 19:02:23.0515 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/22 19:02:23.0562 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2010/10/22 19:02:23.0671 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/10/22 19:02:23.0718 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/22 19:02:23.0843 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/22 19:02:23.0906 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/22 19:02:24.0015 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/22 19:02:24.0062 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/22 19:02:24.0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/22 19:02:24.0187 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/10/22 19:02:24.0265 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/10/22 19:02:24.0281 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/10/22 19:02:24.0296 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/10/22 19:02:24.0359 SynTP (4c99d3c37e8e261e141304b2936196cb) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/10/22 19:02:24.0453 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/22 19:02:24.0515 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/22 19:02:24.0656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/22 19:02:24.0703 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/22 19:02:24.0765 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/22 19:02:25.0015 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/10/22 19:02:25.0062 TSMAPIP (ea856d91b3c088ce331e7740c72f43a3) C:\WINDOWS\system32\drivers\TSMAPIP.SYS

2010/10/22 19:02:25.0140 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys

2010/10/22 19:02:25.0281 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys

2010/10/22 19:02:25.0359 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/22 19:02:25.0421 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/10/22 19:02:25.0468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/22 19:02:25.0640 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/22 19:02:25.0687 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/22 19:02:25.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/22 19:02:25.0781 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/22 19:02:25.0937 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/22 19:02:26.0015 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/22 19:02:26.0062 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/22 19:02:26.0093 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/22 19:02:26.0234 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

2010/10/22 19:02:26.0250 Suspicious service (NoAccess): vbma9143

2010/10/22 19:02:26.0281 vbma9143 (76c20c34ccedcc483f09bd1a187301d6) C:\WINDOWS\system32\drivers\vbma9143.sys

2010/10/22 19:02:26.0296 vbma9143 - detected Locked service (1)

2010/10/22 19:02:27.0500 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/22 19:02:27.0500 ================================================================================

2010/10/22 19:02:27.0500 Scan finished

2010/10/22 19:02:27.0500 ================================================================================

2010/10/22 19:02:27.0515 Detected object count: 2

2010/10/22 19:02:53.0515 Locked service(vbma9143) - User select action: Skip

2010/10/22 19:02:53.0531 \HardDisk0\MBR - will be cured after reboot

2010/10/22 19:02:53.0531 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/22 19:03:13.0515 Deinitialize success

Here is the 2nd log.

2010/10/22 22:41:44.0718 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/22 22:41:44.0718 ================================================================================

2010/10/22 22:41:44.0718 SystemInfo:

2010/10/22 22:41:44.0718

2010/10/22 22:41:44.0718 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/22 22:41:44.0718 Product type: Workstation

2010/10/22 22:41:44.0718 ComputerName: LAPTOP

2010/10/22 22:41:44.0718 UserName: Searchlight Comics

2010/10/22 22:41:44.0718 Windows directory: C:\WINDOWS

2010/10/22 22:41:44.0718 System windows directory: C:\WINDOWS

2010/10/22 22:41:44.0718 Processor architecture: Intel x86

2010/10/22 22:41:44.0718 Number of processors: 2

2010/10/22 22:41:44.0718 Page size: 0x1000

2010/10/22 22:41:44.0718 Boot type: Normal boot

2010/10/22 22:41:44.0718 ================================================================================

2010/10/22 22:41:45.0375 Initialize success

2010/10/22 22:41:47.0312 ================================================================================

2010/10/22 22:41:47.0312 Scan started

2010/10/22 22:41:47.0312 Mode: Manual;

2010/10/22 22:41:47.0312 ================================================================================


2010/10/22 22:41:57.0687 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/22 22:41:57.0718 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/22 22:41:57.0734 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/22 22:41:57.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/22 22:41:57.0781 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/22 22:41:57.0828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/22 22:41:57.0875 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/22 22:41:57.0968 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2010/10/22 22:41:58.0062 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/10/22 22:41:58.0093 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/10/22 22:41:58.0187 pgfilter (2ee7f9a01fac4d7c5516a5c3ce130fd7) C:\Program Files\PeerGuardian2\pgfilter.sys

2010/10/22 22:41:58.0250 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys

2010/10/22 22:41:58.0375 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/22 22:41:58.0437 PROCDD (c9ca089787aa4ca892f2173a8e15c1b0) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS

2010/10/22 22:41:58.0453 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/22 22:41:58.0515 psadd (aac08defb15aaab00b30341c716efa35) C:\WINDOWS\system32\DRIVERS\psadd.sys

2010/10/22 22:41:58.0625 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/22 22:41:58.0656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/22 22:41:58.0703 pwdrvio (99cf0190f1f346cb0a0bbd1873683425) C:\WINDOWS\system32\pwdrvio.sys

2010/10/22 22:41:58.0843 pwdspio (57febcc5f8c577faad55b0ff2d617826) C:\WINDOWS\system32\pwdspio.sys

2010/10/22 22:41:58.0921 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/22 22:41:58.0984 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/10/22 22:41:59.0000 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/10/22 22:41:59.0015 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/10/22 22:41:59.0031 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/10/22 22:41:59.0046 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/10/22 22:41:59.0078 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/22 22:41:59.0171 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/22 22:41:59.0203 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/22 22:41:59.0234 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/22 22:41:59.0265 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/22 22:41:59.0281 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/22 22:41:59.0390 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/22 22:41:59.0453 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/22 22:41:59.0484 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/22 22:41:59.0593 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2010/10/22 22:41:59.0640 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2010/10/22 22:41:59.0687 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys

2010/10/22 22:41:59.0734 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2010/10/22 22:41:59.0828 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2010/10/22 22:41:59.0890 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2010/10/22 22:41:59.0953 s24trans (2220783b32a9f91df87f3e8315f091e7) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2010/10/22 22:42:00.0015 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2010/10/22 22:42:00.0125 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/22 22:42:00.0171 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/22 22:42:00.0203 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/22 22:42:00.0250 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

2010/10/22 22:42:00.0328 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

2010/10/22 22:42:00.0390 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2010/10/22 22:42:00.0453 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/10/22 22:42:00.0546 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/22 22:42:00.0609 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2010/10/22 22:42:00.0656 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/10/22 22:42:00.0687 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/22 22:42:00.0718 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/22 22:42:00.0828 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/22 22:42:00.0875 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/22 22:42:01.0046 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/22 22:42:01.0093 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/22 22:42:01.0156 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/10/22 22:42:01.0187 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/10/22 22:42:01.0265 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/10/22 22:42:01.0281 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/10/22 22:42:01.0343 SynTP (4c99d3c37e8e261e141304b2936196cb) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/10/22 22:42:01.0390 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/22 22:42:01.0453 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/22 22:42:01.0546 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/22 22:42:01.0609 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/22 22:42:01.0640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/22 22:42:01.0703 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/10/22 22:42:01.0812 TSMAPIP (ea856d91b3c088ce331e7740c72f43a3) C:\WINDOWS\system32\drivers\TSMAPIP.SYS

2010/10/22 22:42:01.0875 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys

2010/10/22 22:42:01.0937 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys

2010/10/22 22:42:01.0984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/22 22:42:02.0109 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/10/22 22:42:02.0171 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/22 22:42:02.0343 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/22 22:42:02.0390 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/22 22:42:02.0453 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/22 22:42:02.0468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/22 22:42:02.0515 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/22 22:42:02.0625 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/22 22:42:02.0671 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/22 22:42:02.0718 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/22 22:42:02.0765 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

2010/10/22 22:42:02.0765 Suspicious service (NoAccess): vbma9143

2010/10/22 22:42:02.0890 vbma9143 (76c20c34ccedcc483f09bd1a187301d6) C:\WINDOWS\system32\drivers\vbma9143.sys

2010/10/22 22:42:02.0890 vbma9143 - detected Locked service (1)

2010/10/22 22:42:02.0953 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/22 22:42:03.0015 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/10/22 22:42:03.0062 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/10/22 22:42:03.0140 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/22 22:42:03.0171 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/22 22:42:03.0218 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

2010/10/22 22:42:03.0281 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/22 22:42:03.0359 winachsf (ea2ab3c94b1aee6aa22d543f1f0c62aa) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2010/10/22 22:42:03.0515 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/22 22:42:03.0562 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/10/22 22:42:03.0593 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/22 22:42:03.0656 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/22 22:42:03.0687 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/22 22:42:03.0906 ================================================================================

2010/10/22 22:42:03.0906 Scan finished

2010/10/22 22:42:03.0906 ================================================================================

2010/10/22 22:42:03.0906 Detected object count: 1

2010/10/22 22:42:23.0421 HKLM\SYSTEM\ControlSet001\services\vbma9143 - will be deleted after reboot

2010/10/22 22:42:23.0515 HKLM\SYSTEM\ControlSet002\services\vbma9143 - will be deleted after reboot

2010/10/22 22:42:23.0578 HKLM\SYSTEM\ControlSet003\services\vbma9143 - will be deleted after reboot

2010/10/22 22:42:23.0640 HKLM\SYSTEM\ControlSet004\services\vbma9143 - will be deleted after reboot

2010/10/22 22:42:23.0718 C:\WINDOWS\system32\drivers\vbma9143.sys - will be deleted after reboot

2010/10/22 22:42:23.0718 Locked service(vbma9143) - User select action: Delete


ComboFix is saying that it has detected that AVG Anti-Virus Free is active. I uninstalled that when I first got this virus days ago because it was affecting another virus system I was trying to install. I ran the AVG removal tool and apparently it didn't fully remove it. It doesn't show up on my system tray and it's not in add/remove programs. What should I do?


It didn't give me an extras file this time.

OTL logfile created on: 10/25/2010 5:40:41 AM - Run 2

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Searchlight Comics\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 197.00 Mb Available Physical Memory | 19.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 113.47 Gb Total Space | 19.05 Gb Free Space | 16.79% Space Free | Partition Type: NTFS

Drive F: | 29.65 Gb Total Space | 25.00 Gb Free Space | 84.32% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Searchlight Comics | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Searchlight Comics\Desktop\OTL3.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)

PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)

PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

PRC - C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)

PRC - C:\WINDOWS\BisonCam\BsMnt.exe ()

PRC - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)

PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)

PRC - C:\WINDOWS\system32\lxcicoms.exe ( )

PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

PRC - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\WINDOWS\system32\PSIService.exe ()

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe ()

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()

PRC - C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()

PRC - C:\Program Files\PM Agent\WisFnCtrlSvc.exe (Wistron Corp.)

PRC - C:\Program Files\Common Files\Installshield\UpdateService\issch.exe (InstallShield Software Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Searchlight Comics\Desktop\OTL3.exe (OldTimer Tools)

MOD - C:\WINDOWS\odomipobe.dll ()

MOD - C:\WINDOWS\system32\opengl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\glu32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\ddraw.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\dciman32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)

SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)

SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)

SRV - (nmservice) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)

SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)

SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)

SRV - (lxci_device) -- C:\WINDOWS\System32\lxcicoms.exe ( )

SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()

SRV - (WisFnCtrlSvc) -- C:\Program Files\PM Agent\WisFnCtrlSvc.exe (Wistron Corp.)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found

DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()

DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()

DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)

DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)

DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (Cam5603D) -- C:\WINDOWS\system32\drivers\BisonCam.sys (Bison Electronics. Inc. )

DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)

DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()

DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (TVTPktFilter) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys (Lenovo Group Limited)

DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608

FF - prefs.js..extensions.enabledItems: {F8E5F8BE-1E4C-4AD8-B0A0-FAABB8D136D7}:1.9.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.11

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/17 12:32:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{F8E5F8BE-1E4C-4AD8-B0A0-FAABB8D136D7}: C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\{F8E5F8BE-1E4C-4AD8-B0A0-FAABB8D136D7} [2010/10/19 21:30:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/20 09:33:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 09:33:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/20 14:35:32 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/22 14:20:40 | 000,000,000 | ---D | M]

[2010/09/09 15:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Extensions

[2010/09/09 15:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2008/08/06 22:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/10/25 03:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions

[2009/09/26 10:57:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/03/11 09:04:51 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

[2010/05/18 22:14:29 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

[2009/05/24 13:10:27 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009/05/23 19:19:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009/04/19 21:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\dave2x@download

[2010/07/14 20:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\LogMeInClient@logmein.com

[2009/05/20 22:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\moveplayer@movenetworks.com

[2009/12/10 18:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Mozilla\Firefox\Profiles\93ufhb43.default\extensions\TechnicianConsole@logmeinrescue.com

[2010/10/25 02:22:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/20 09:33:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008/08/06 21:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2008/12/17 12:32:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2010/02/08 16:21:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2010/10/20 09:33:26 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/10/20 09:33:26 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

[2009/12/17 18:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/02/06 12:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2010/10/20 09:33:31 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/08/22 14:20:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/08/22 14:20:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/08/22 14:20:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/08/22 14:20:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/08/22 14:20:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/08/22 14:20:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/08/22 14:20:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/10/18 09:56:32 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/18 09:56:32 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010/10/18 09:56:32 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/18 09:56:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/18 09:56:33 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/10/18 09:56:33 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/18 09:56:33 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/07/02 23:24:50 | 000,411,396 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 14217 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)

O4 - HKLM..\Run: [bsMnt] C:\WINDOWS\BisonCam\BsMnt.exe ()

O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [LXCICATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.DLL (Lexmark International Inc.)

O4 - HKLM..\Run: [Ntacetohekafom] C:\WINDOWS\odomipobe.DLL ()

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

O4 - HKCU..\Run: [mediarealease70x700hh.exe] C:\Documents and Settings\Searchlight Comics\Application Data\FC6BCBC365901A48201EB68D1596A914\mediarealease70x700hh.exe (?????????? ??????????)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [*upd_debug.exe] C:\Documents and Settings\Searchlight Comics\Application Data\FC6BCBC365901A48201EB68D1596A914\upd_debug.exe (?????????? ??????????)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )

O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/11/13 13:35:04 | 000,000,052 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]

O33 - MountPoints2\{42b0e680-6650-11de-91b8-001f3adc5863}\Shell - "" = AutoRun

O33 - MountPoints2\{42b0e680-6650-11de-91b8-001f3adc5863}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{42b0e680-6650-11de-91b8-001f3adc5863}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{47974cb0-ab9c-11df-b178-001f3adc5863}\Shell - "" = AutoRun

O33 - MountPoints2\{47974cb0-ab9c-11df-b178-001f3adc5863}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{47974cb0-ab9c-11df-b178-001f3adc5863}\Shell\AutoRun\command - "" = H:\iStudio.exe -- File not found

O33 - MountPoints2\{8dfee434-6764-11de-91b9-001f3adc5863}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe

O33 - MountPoints2\{92838a13-ddae-11dd-918b-001f3adc5863}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found

O33 - MountPoints2\{d0c60b4b-0f66-11df-b301-806d6172696f}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2007/02/21 11:50:42 | 000,751,824 | ---- | M] (Conexant Systems, Inc.)

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2007/02/21 11:50:42 | 000,751,824 | ---- | M] (Conexant Systems, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/25 05:34:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Searchlight Comics\Desktop\OTL3.exe

[2010/10/25 03:25:42 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/10/23 01:10:38 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/10/23 00:53:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/23 00:53:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/23 00:53:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/23 00:53:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/22 19:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Desktop\tdsskiller

[2010/10/22 01:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Desktop\Save Me

[2010/10/21 12:24:30 | 000,000,000 | -HSD | C] -- C:\found.000

[2010/10/21 10:08:37 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/10/20 18:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/10/20 17:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2010/10/20 17:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools

[2010/10/20 14:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2010/10/20 14:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/10/20 13:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn

[2010/10/20 03:16:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/20 03:09:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/20 02:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2010/10/19 22:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/10/19 22:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/10/19 21:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\{F8E5F8BE-1E4C-4AD8-B0A0-FAABB8D136D7}

[2010/10/19 21:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update

[2010/10/19 21:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Application Data\Uzzaiw1

[2010/10/19 21:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Application Data\Neywo1

[2010/10/19 21:26:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server

[2010/10/19 21:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Application Data\FC6BCBC365901A48201EB68D1596A914

[2010/09/29 16:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Application Data\NewSoft

[2010/09/29 16:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\NewSoft

[2009/01/06 20:25:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Searchlight Comics\Application Data\pcouffin.sys

[2008/10/28 09:48:26 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcihcp.dll

[2008/10/28 09:48:25 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciinpa.dll

[2008/10/28 09:48:25 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciiesc.dll

[2008/10/28 09:48:24 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciusb1.dll

[2008/10/28 09:48:23 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciserv.dll

[2008/10/28 09:48:22 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciprox.dll

[2008/10/28 09:48:21 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipplc.dll

[2008/10/28 09:48:20 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipmui.dll

[2008/10/28 09:48:19 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcilmpm.dll

[2008/10/28 09:48:16 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcihbn3.dll

[2008/10/28 09:48:11 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomc.dll

[2008/10/28 09:48:11 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomm.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2087/08/09 10:15:50 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2087/08/09 10:15:50 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/10/25 05:34:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Searchlight Comics\Desktop\OTL3.exe

[2010/10/25 05:33:09 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Qguyoxired.dat

[2010/10/25 03:20:36 | 003,883,109 | R--- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\ComboFix.exe

[2010/10/25 02:28:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job

[2010/10/25 02:11:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Afoxogovitogol.bin

[2010/10/25 02:10:16 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/25 02:10:08 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI

[2010/10/25 02:09:51 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2010/10/25 02:09:51 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\ZKFOB.job

[2010/10/25 02:09:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/25 02:09:47 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/23 02:59:36 | 000,002,529 | ---- | M] () -- C:\WINDOWS\lsrslt.ini

[2010/10/23 02:42:59 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\ComicEbayInventory.lnk

[2010/10/23 01:10:44 | 000,000,437 | RHS- | M] () -- C:\boot.ini

[2010/10/22 19:01:28 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\tdsskiller.zip

[2010/10/21 20:55:36 | 000,575,488 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\OTL2.com

[2010/10/21 20:29:07 | 000,575,488 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\OTL.com

[2010/10/21 01:21:14 | 094,688,116 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\avg_arl_ffi_all_100_100826a3693.zip

[2010/10/20 22:15:37 | 000,006,400 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/20 22:12:07 | 000,000,321 | ---- | M] () -- C:\Boot.bak

[2010/10/20 17:54:03 | 000,006,438 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\My Documents\cc_20101020_175346.reg

[2010/10/20 17:46:38 | 000,012,315 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/10/20 17:16:01 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Revo Uninstaller.lnk

[2010/10/20 02:58:31 | 000,002,548 | ---- | M] () -- C:\config.xml

[2010/10/20 02:58:24 | 000,000,456 | ---- | M] () -- C:\WINDOWS\System32\RW_FileFlag.dat

[2010/10/20 02:58:23 | 000,021,792 | ---- | M] () -- C:\WINDOWS\System32\RW_FileType.dat

[2010/10/20 01:40:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\prvlcl.dat

[2010/10/19 22:21:56 | 000,575,488 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\OTL.exe

[2010/10/19 21:29:47 | 000,069,632 | RHS- | M] () -- C:\WINDOWS\System32\tlntsessp.dll

[2010/10/19 21:28:02 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Application Data\378981.bat

[2010/10/19 21:27:57 | 000,958,464 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\998652.exe

[2010/10/19 21:27:23 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Application Data\330841.bat

[2010/10/19 21:27:22 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Application Data\412041.bat

[2010/10/19 13:10:09 | 002,773,594 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\revise prices.csv

[2010/10/09 18:11:08 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\123.com

[2010/09/30 16:37:35 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll

[2010/09/30 16:37:35 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll

[2010/09/30 16:37:35 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll

[2010/09/29 16:12:03 | 002,338,333 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Liberty Meadows 20 Back.jpg

[2010/09/29 16:08:29 | 004,329,047 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Liberty Meadows 20 Front.jpg

[2010/09/26 21:06:17 | 000,059,097 | ---- | M] () -- C:\WINDOWS\KernelMessage

[2010/09/25 09:42:25 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\Searchlight Comics\My Documents\db1.mdb

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/25 03:20:31 | 003,883,109 | R--- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\ComboFix.exe

[2010/10/23 01:10:44 | 000,000,321 | ---- | C] () -- C:\Boot.bak

[2010/10/23 01:10:40 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/10/23 00:53:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/23 00:53:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/23 00:53:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/23 00:53:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/23 00:53:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/10/22 19:01:23 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\tdsskiller.zip

[2010/10/22 04:56:20 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys

[2010/10/21 20:55:33 | 000,575,488 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\OTL2.com

[2010/10/21 20:29:03 | 000,575,488 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\OTL.com

[2010/10/21 01:21:14 | 094,688,116 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\avg_arl_ffi_all_100_100826a3693.zip

[2010/10/20 17:53:49 | 000,006,438 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\My Documents\cc_20101020_175346.reg

[2010/10/20 17:16:54 | 000,012,315 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/10/20 17:16:01 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Revo Uninstaller.lnk

[2010/10/20 10:29:13 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\RKUnhookerLE.EXE

[2010/10/20 10:29:12 | 000,575,488 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\OTL.exe

[2010/10/20 02:58:31 | 000,002,548 | ---- | C] () -- C:\config.xml

[2010/10/20 02:56:26 | 000,002,529 | ---- | C] () -- C:\WINDOWS\lsrslt.ini

[2010/10/20 01:18:11 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\123.com

[2010/10/19 21:30:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Qguyoxired.dat

[2010/10/19 21:30:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Afoxogovitogol.bin

[2010/10/19 21:29:50 | 000,000,330 | -HS- | C] () -- C:\WINDOWS\tasks\ZKFOB.job

[2010/10/19 21:29:47 | 000,069,632 | RHS- | C] () -- C:\WINDOWS\System32\tlntsessp.dll

[2010/10/19 21:28:06 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job

[2010/10/19 21:28:02 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\378981.bat

[2010/10/19 21:27:57 | 000,958,464 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\998652.exe

[2010/10/19 21:27:23 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\330841.bat

[2010/10/19 21:27:22 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\412041.bat

[2010/10/19 13:08:48 | 002,773,594 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\revise prices.csv

[2010/10/13 23:27:12 | 000,002,563 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\ComicEbayInventory.lnk

[2010/09/29 16:12:03 | 002,338,333 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Liberty Meadows 20 Back.jpg

[2010/09/29 16:08:29 | 004,329,047 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Desktop\Liberty Meadows 20 Front.jpg

[2010/09/25 09:37:52 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\My Documents\db1.mdb

[2010/07/03 11:31:46 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/01/31 23:04:33 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys

[2010/01/31 23:04:32 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys

[2009/12/08 23:00:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\prvlcl.dat

[2009/11/07 18:30:16 | 000,023,361 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\Comma Separated Values (Windows).ADR

[2009/11/07 15:40:56 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\$_hpcst$.hpc

[2009/07/07 17:23:38 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmAudio.INI

[2009/06/12 09:30:52 | 000,000,012 | ---- | C] () -- C:\WINDOWS\atiry80.dll

[2009/06/12 09:13:33 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\FlicPlusSDK_Win32_API.dll

[2009/05/24 12:11:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2009/02/17 11:44:30 | 000,000,217 | ---- | C] () -- C:\WINDOWS\{2E11BFE5-B43B-466C-AD32-C522770576FD}_WiseFW.ini

[2009/02/06 16:00:19 | 000,000,031 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2009/01/06 20:25:27 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\vso_ts_preview.xml

[2009/01/06 20:25:10 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\pcouffin.log

[2009/01/06 20:25:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\inst.exe

[2009/01/06 20:25:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\pcouffin.cat

[2009/01/06 20:25:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Application Data\pcouffin.inf

[2009/01/01 22:26:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2008/11/22 13:38:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/10/28 10:00:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL

[2008/10/28 09:56:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll

[2008/10/28 09:55:41 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll

[2008/10/28 09:50:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcivs.dll

[2008/10/28 09:49:56 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcicoin.dll

[2008/10/28 09:49:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcicnv4.dll

[2008/10/28 09:48:26 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxciinst.dll

[2008/10/22 12:13:38 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI

[2008/10/22 12:12:33 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL

[2008/08/28 14:33:06 | 000,000,896 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/08/12 14:59:50 | 000,224,256 | ---- | C] () -- C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/08/06 21:29:20 | 000,006,370 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2008/08/06 21:29:20 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\4132A8E190.sys

[2008/07/10 08:14:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/07/10 07:56:01 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2008/07/10 07:47:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/07/10 07:47:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/07/10 07:47:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/07/10 07:47:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/07/10 07:47:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/07/10 07:47:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008/07/10 07:42:09 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2008/07/10 07:42:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll

[2008/07/10 07:40:11 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS

[2008/07/10 07:40:02 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2008/07/10 07:39:43 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini

[2007/08/16 06:28:38 | 000,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI

[2007/08/16 06:28:27 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2007/02/09 15:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/11/12 00:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006/04/30 02:55:22 | 000,206,336 | ---- | C] () -- C:\WINDOWS\odomipobe.dll

[2006/04/30 02:55:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mwigacc32.dll

[2006/04/29 20:04:28 | 000,004,370 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/01/30 10:00:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1018.DLL

[2005/12/21 17:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll

[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll

[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll

[2004/03/04 09:43:40 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SN4Codec.dll

[2003/05/09 10:06:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\tjpegcodec.dll

[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/10/20 09:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2008/08/27 19:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2008/11/05 12:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BayLister

[2009/07/21 18:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland

[2008/10/28 10:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2009/06/08 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chronos Process Integration

[2009/06/10 14:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES

[2009/06/08 21:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dynacom

[2009/08/03 19:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FireFox

[2010/07/03 11:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/09/10 17:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Human Computing

[2008/09/02 19:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2010/10/20 13:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2010/10/20 14:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/07/16 21:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware

[2008/07/10 07:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2010/02/03 18:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions

[2010/04/21 12:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion

[2009/04/29 17:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate

[2010/10/20 02:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan

[2009/02/06 16:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2008/08/06 21:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaskMgr

[2010/10/20 18:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/10/20 00:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update

[2009/12/10 17:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs

[2010/02/10 21:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010/08/22 14:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/10/29 13:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/06/08 21:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B73EC431-2F59-4E5E-9CEA-001681A75E3E}

[2010/10/20 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2009/06/04 20:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Azureus

[2009/06/15 15:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Business Suite

[2009/08/01 09:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Canneverbe_Limited

[2009/06/08 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Chronos Process Integration

[2009/03/08 18:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\cYo

[2009/04/11 11:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\DC++

[2009/06/08 21:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Dynacom

[2010/01/04 12:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Endicia

[2010/10/22 05:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\FC6BCBC365901A48201EB68D1596A914

[2008/09/29 12:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\GamesCafe

[2010/09/10 17:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Human Computing

[2008/11/28 13:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\InfraRecorder

[2009/01/01 19:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\InterVideo

[2008/10/01 08:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\iWin

[2008/08/06 21:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Leadertech

[2008/09/02 19:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Lenovo

[2009/07/21 18:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Listomax

[2009/12/10 18:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\LogMeIn Rescue

[2008/08/21 21:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\MSNInstaller

[2010/09/29 16:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\NewSoft

[2010/10/19 21:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Neywo1

[2009/07/08 16:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Orbit

[2010/04/21 12:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Research In Motion

[2009/10/30 13:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Resource Tuner

[2009/06/15 17:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Softplicity

[2009/06/30 08:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Stamps.com Internet Postage

[2010/09/09 15:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Thunderbird

[2010/07/05 11:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\uTorrent

[2010/10/20 10:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Uzzaiw1

[2010/07/22 22:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Searchlight Comics\Application Data\Vso

[2010/07/16 21:22:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\Pareto UNS.job

[2010/10/25 02:28:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job

[2010/10/25 02:09:51 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\Tasks\ZKFOB.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:F558EB63EC52EC5B

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69DD03D4

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1CF9611

< End of report >


1. Please download The Avenger2 by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\Qguyoxired.dat
C:\WINDOWS\Afoxogovitogol.bin
C:\WINDOWS\tasks\ZKFOB.job
C:\Documents and Settings\All Users\Application Data\.wtav
C:\Documents and Settings\Searchlight Comics\Application Data\378981.bat
C:\Documents and Settings\Searchlight Comics\Local Settings\Application Data\998652.exe
C:\Documents and Settings\Searchlight Comics\Application Data\330841.bat
C:\Documents and Settings\Searchlight Comics\Application Data\412041.bat


Folders to delete:
C:\Documents and Settings\Searchlight Comics\Application Data\Uzzaiw1
C:\Documents and Settings\Searchlight Comics\Application Data\Neywo1
C:\Documents and Settings\All Users\Documents\Server
C:\Documents and Settings\Searchlight Comics\Application Data\FC6BCBC365901A48201EB68D1596A914

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger.


When did that happen?

After running the Avenger?

Try to boot into Last Known Good Configuration.

It will be one of the options when the system restarts.

If it is not present on restart then tap the F8 key like booting into Safe mode.

Instead of choosing safe mode choose Last known.

Let me know if that boots normally.


This happened during the first Avenger restart. I tried the last known configuration as well and had no luck. A small blue screen in the upper left-hand corner of the screen flashes really quickly, then restarts the computer. I can't read what it says because it's too small.


This topic is now closed to further replies.