Possible Rootkit


dr.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:40:00 PM, on 11/22/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Lock My PC 4\lockpc.exe

C:\windows\Explorer.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\S3tray2.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Opera\Opera\temporary_downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14597&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\System32\shdocvw.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1285986839921

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: fsp_lmwl - fsp_lmwl.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 7821 bytes


Hello dr.

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Note: since it is in .rar format, if you do not have anything that will open it, you can download 7-Zip and use it to extract the data. It can be found here:
  • Right click on the .rar file and choose Extract files.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, Files, and Code Hooks.
  • Uncheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
  • Wait till the scanner has finished, then go File > Save Report.
  • Save the report somewhere you can find it, typically your desktop. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Your software gave my computer a trojan-agent. Now it's even more messed up than before; IE8 can't even load. Thanks a lot.

This is an incorrect statement.

This is not my software and it is not a trojan agent.

The same antivirus software that tells you this is also letting the malware run on your system.

I am not here to infect your computer; I am here to disinfect the machine. Since you posted for assistance, I will help you clean the machine up.

The alert you have received from your antivirus telling you it is a trojan agent is what is called a false positive.

This file is merely a scanner and a custom-created program, so it needs to be run in order to see what is going on with the system.

The IE8 opening/not opening is merely a coincidence; these files are completely safe.

If you wish to proceed, please disable your antivirus program to run the programs. They are scanners only; they do nothing but scan and move/delete files if they need to be, and only if we paste a script in will they do those functions.

Okay, sorry. I just don't want to have to format it again, and my CPU is spiking hardcore from 0% to 40% to 100%.


OTL logfile created on: 11/22/2010 10:13:47 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 68.35 Gb Total Space | 48.96 Gb Free Space | 71.63% Space Free | Partition Type: NTFS

Drive D: | 465.64 Gb Total Space | 334.78 Gb Free Space | 71.90% Space Free | Partition Type: FAT32

Computer Name: YOUR-LK4RLMSU41 | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 22:09:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2010/10/25 12:27:44 | 001,096,872 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe

PRC - [2010/10/08 16:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe

PRC - [2010/07/22 23:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2009/09/30 17:57:20 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

PRC - [2009/03/05 18:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe

PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/30 21:51:44 | 000,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2007/10/30 21:07:38 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2003/02/25 05:33:14 | 000,069,632 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\S3tray2.exe

========== Modules (SafeList) ==========

MOD - [2010/11/22 22:09:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2010/08/16 21:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll

MOD - [2009/07/12 01:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcr90.dll

MOD - [2009/07/12 01:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcp90.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)

SRV - File not found [On_Demand | Stopped] -- C:\windows\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/07/22 23:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/18 18:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)

SRV - [2010/03/18 15:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2007/10/30 21:51:44 | 000,492,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/10/30 21:07:38 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

========== Driver Services (SafeList) ==========

DRV - [2010/11/22 01:32:43 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)

DRV - [2010/11/16 04:27:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101122.022\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/11/16 04:27:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101122.022\NAVENG.SYS -- (NAVENG)

DRV - [2010/11/12 11:47:14 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2010/11/12 10:51:51 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)

DRV - [2010/11/11 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2010/11/11 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/11/03 18:07:06 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2010/10/19 14:36:22 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101122.004\IDSXpx86.sys -- (IDSxpx86)

DRV - [2010/10/02 07:28:09 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2010/10/02 07:28:09 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2010/10/02 07:27:57 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2010/10/02 07:27:38 | 000,368,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2010/07/28 21:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA)

DRV - [2010/07/28 20:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\windows\system32\drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP)

DRV - [2010/07/28 20:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2010/07/21 19:27:14 | 000,043,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)

DRV - [2010/07/21 19:27:14 | 000,043,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)

DRV - [2010/07/12 19:20:22 | 000,369,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1201000.025\SYMTDI.SYS -- (SYMTDI)

DRV - [2010/06/26 22:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON)

DRV - [2010/06/13 04:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS)

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/09/09 20:24:14 | 000,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)

DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/03 23:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2003/06/19 02:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)

DRV - [2003/05/26 14:57:50 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)

DRV - [2003/05/06 16:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2003/04/11 09:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2003/03/31 22:29:42 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)

DRV - [2003/03/19 23:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\nv_agp.sys -- (nv_agp)

DRV - [2003/02/20 17:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2002/12/27 12:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\viaagp1.sys -- (viaagp1)

DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)

DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14597&l=dis

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/11/12 11:48:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/11/12 11:46:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 23:09:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 22:49:31 | 000,000,000 | ---D | M]

[2010/11/17 23:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2010/11/22 18:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fzr1aavl.default\extensions

[2010/11/17 23:36:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fzr1aavl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/17 23:10:03 | 000,002,470 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fzr1aavl.default\searchplugins\safesearch.xml

[2010/11/17 22:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/11/17 17:10:55 | 000,433,944 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 14900 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [s3TRAY2] C:\windows\System32\S3tray2.exe (S3 Graphics, Inc.)

O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKCU..\Run: [NVIEW] C:\windows\System32\nview.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1285986839921 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.7.255.188 65.164.201.148

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\fsp_lmwl: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O30 - LSA: Authentication Packages - (relog_ap) - C:\windows\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/07/24 02:29:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - D:\autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2006/02/09 14:59:36 | 000,000,000 | RH-D | M] - D:\autorun -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (sasnative32) - File not found

O34 - HKLM BootExecute: (Execute settings...) - File not found

O34 - HKLM BootExecute: (on\Explore) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 22:09:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/11/22 19:43:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2010/11/22 19:32:35 | 000,000,000 | ---D | C] -- C:\windows\Minidump

[2010/11/22 18:29:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

[2010/11/22 18:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PcSetup

[2010/11/22 00:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HHD Software

[2010/11/22 00:32:36 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\windows\System32\drivers\mcdbus.sys

[2010/11/22 00:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc

[2010/11/21 19:29:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\DBvsSF

[2010/11/21 19:28:48 | 000,000,000 | -H-D | C] -- C:\windows\PIF

[2010/11/21 05:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up

[2010/11/21 05:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE

[2010/11/21 05:20:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2010/11/21 05:19:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2010/11/21 05:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/21 02:53:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Virtualdub

[2010/11/21 02:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader

[2010/11/21 02:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files

[2010/11/21 02:01:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

[2010/11/21 02:01:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos

[2010/11/20 15:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities

[2010/11/18 18:13:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Nintendo 64 (N64)

[2010/11/18 15:59:39 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_7.dll

[2010/11/18 15:59:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_5.dll

[2010/11/18 15:59:38 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_43.dll

[2010/11/18 15:59:38 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_7.dll

[2010/11/18 15:59:37 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_43.dll

[2010/11/18 15:59:36 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_43.dll

[2010/11/18 15:59:35 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_43.dll

[2010/11/18 15:59:35 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_43.dll

[2010/11/18 15:59:34 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_6.dll

[2010/11/18 15:59:34 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_4.dll

[2010/11/18 15:59:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_6.dll

[2010/11/18 15:59:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_7.dll

[2010/11/18 15:59:31 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_5.dll

[2010/11/18 15:59:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_5.dll

[2010/11/18 15:59:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_42.dll

[2010/11/18 15:59:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_42.dll

[2010/11/18 15:59:27 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_42.dll

[2010/11/18 15:59:26 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_42.dll

[2010/11/18 15:59:25 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_42.dll

[2010/11/18 15:59:24 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_41.dll

[2010/11/18 15:59:24 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_41.dll

[2010/11/18 15:59:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_41.dll

[2010/11/18 15:59:22 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_4.dll

[2010/11/18 15:59:22 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_3.dll

[2010/11/18 15:59:21 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_4.dll

[2010/11/18 15:59:21 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_6.dll

[2010/11/18 15:59:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_40.dll

[2010/11/18 15:59:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_40.dll

[2010/11/18 15:59:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_40.dll

[2010/11/18 15:59:18 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_3.dll

[2010/11/18 15:59:18 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_2.dll

[2010/11/18 15:59:17 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_3.dll

[2010/11/18 15:59:16 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_5.dll

[2010/11/18 15:59:15 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_2.dll

[2010/11/18 15:59:15 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_1.dll

[2010/11/18 15:59:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_2.dll

[2010/11/18 15:59:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_39.dll

[2010/11/18 15:59:13 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_39.dll

[2010/11/18 15:59:13 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_39.dll

[2010/11/18 15:59:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_1.dll

[2010/11/18 15:59:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_1.dll

[2010/11/18 15:59:11 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_0.dll

[2010/11/18 15:59:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_4.dll

[2010/11/18 15:59:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_38.dll

[2010/11/18 15:59:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_38.dll

[2010/11/18 15:59:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_38.dll

[2010/11/18 15:59:07 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_0.dll

[2010/11/18 15:59:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_0.dll

[2010/11/18 15:59:05 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_3.dll

[2010/11/18 15:59:04 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_37.dll

[2010/11/18 15:59:04 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_37.dll

[2010/11/18 15:59:03 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_37.dll

[2010/11/18 15:59:02 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_10.dll

[2010/11/18 15:59:01 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_36.dll

[2010/11/18 15:59:01 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_36.dll

[2010/11/18 15:59:00 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_36.dll

[2010/11/18 15:58:58 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_9.dll

[2010/11/18 15:58:57 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_35.dll

[2010/11/18 15:58:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_35.dll

[2010/11/18 15:58:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_35.dll

[2010/11/18 15:58:55 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_8.dll

[2010/11/18 15:58:55 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_2.dll

[2010/11/18 15:58:54 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_34.dll

[2010/11/18 15:58:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_34.dll

[2010/11/18 15:58:53 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_34.dll

[2010/11/18 15:58:50 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_7.dll

[2010/11/18 15:58:44 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_33.dll

[2010/11/18 15:58:44 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_33.dll

[2010/11/18 15:58:38 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_33.dll

[2010/11/18 15:58:37 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_6.dll

[2010/11/18 15:58:35 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_5.dll

[2010/11/18 15:58:34 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_32.dll

[2010/11/18 15:58:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_4.dll

[2010/11/18 15:58:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\x3daudio1_1.dll

[2010/11/18 15:58:31 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_31.dll

[2010/11/18 15:58:30 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_3.dll

[2010/11/18 15:58:29 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_2.dll

[2010/11/18 15:58:28 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_2.dll

[2010/11/18 15:58:27 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_1.dll

[2010/11/18 15:58:25 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_1.dll

[2010/11/18 15:58:20 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_0.dll

[2010/11/18 15:58:20 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\x3daudio1_0.dll

[2010/11/18 15:58:19 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_29.dll

[2010/11/18 15:58:18 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput9_1_0.dll

[2010/11/18 15:58:17 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_27.dll

[2010/11/18 15:58:15 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_26.dll

[2010/11/18 15:58:14 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_25.dll

[2010/11/18 15:58:12 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_24.dll

[2010/11/18 15:54:20 | 000,000,000 | ---D | C] -- C:\windows\Logs

[2010/11/18 15:02:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\PS2

[2010/11/17 23:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics

[2010/11/17 23:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics

[2010/11/17 23:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla

[2010/11/17 23:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla

[2010/11/17 22:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/11/17 21:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX

[2010/11/17 21:05:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\dreamcast

[2010/11/17 20:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads

[2010/11/17 20:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Registry Mechanic

[2010/11/17 18:24:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\SNES ROMS

[2010/11/17 17:57:51 | 000,016,184 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\System32\ROBoot.exe

[2010/11/17 17:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Systweak

[2010/11/17 17:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Systweak

[2010/11/17 15:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories

[2010/11/17 11:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert

[2010/11/16 20:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip

[2010/11/16 20:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/11/16 20:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

[2010/11/16 19:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\DFX

[2010/11/16 19:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\DFX

[2010/11/16 19:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DFX

[2010/11/16 19:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DFX

[2010/11/16 13:13:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Super Nintendo

[2010/11/16 11:40:33 | 000,000,000 | ---D | C] -- C:\windows\System32\XPSViewer

[2010/11/16 11:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2010/11/16 11:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2010/11/16 11:39:32 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll

[2010/11/16 11:39:31 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpssvcs.dll

[2010/11/16 11:39:31 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpssvcs.dll

[2010/11/16 11:39:31 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\printfilterpipelinesvc.exe

[2010/11/16 11:39:31 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpsshhdr.dll

[2010/11/16 11:39:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\filterpipelineprintproc.dll

[2010/11/16 11:39:30 | 000,000,000 | ---D | C] -- C:\c2abe63ea84c83266ac191

[2010/11/16 10:38:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/11/16 10:32:41 | 000,000,000 | ---D | C] -- C:\0ac34ef71f547cdfb08e67

[2010/11/16 10:32:25 | 000,000,000 | ---D | C] -- C:\56e44aa85a13a069f62108561b886a

[2010/11/16 01:18:15 | 000,043,952 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SymIM.sys

[2010/11/16 01:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/15 23:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2010/11/15 23:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/15 23:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Readon_Technology

[2010/11/15 23:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Readon Player

[2010/11/15 22:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/11/15 22:28:39 | 000,000,000 | ---D | C] -- C:\windows\Sun

[2010/11/15 17:37:53 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spmsgXP_2k3.dll

[2010/11/15 17:29:25 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WdfCoInstaller01007.dll

[2010/11/15 17:29:25 | 000,062,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\xusb21.sys

[2010/11/15 17:29:25 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE

[2010/11/15 17:29:14 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_3.dll

[2010/11/14 21:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Acronis

[2010/11/14 21:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue

[2010/11/14 21:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue

[2010/11/14 21:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server

[2010/11/14 19:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FFOutput

[2010/11/14 19:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime

[2010/11/13 02:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\mkv2vob

[2010/11/13 01:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo

[2010/11/13 01:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!

[2010/11/13 01:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2010/11/13 00:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/11/12 20:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010/11/12 18:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ConvertXToDVD

[2010/11/12 17:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Vso

[2010/11/12 17:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\VSO

[2010/11/12 16:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2010/11/12 16:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\JRE

[2010/11/12 16:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2010/11/12 16:36:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe

[2010/11/12 16:36:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe

[2010/11/12 16:36:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe

[2010/11/12 12:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific

[2010/11/12 12:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec

[2010/11/12 11:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Symantec

[2010/11/12 11:47:14 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS

[2010/11/12 11:47:14 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL

[2010/11/12 11:47:02 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.sys

[2010/11/12 11:47:02 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.sys

[2010/11/12 11:47:02 | 000,369,072 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\symtdi.sys

[2010/11/12 11:47:02 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.sys

[2010/11/12 11:47:02 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\symtdiv.sys

[2010/11/12 11:47:02 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\symnets.sys

[2010/11/12 11:47:02 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\Ironx86.sys

[2010/11/12 11:47:02 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.sys

[2010/11/12 11:46:44 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS

[2010/11/12 11:46:44 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1201000.025

[2010/11/12 11:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar

[2010/11/12 11:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security

[2010/11/12 11:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2010/11/12 11:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2010/11/12 11:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton

[2010/11/12 11:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2010/11/12 11:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/12 11:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/11/12 11:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe

[2010/11/12 11:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt

[2010/11/12 10:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TrueCrypt

[2010/11/12 10:51:51 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\windows\System32\drivers\truecrypt.sys

[2010/11/12 10:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt

[2010/11/12 10:49:49 | 003,487,848 | ---- | C] (TrueCrypt Foundation) -- C:\Documents and Settings\Owner\My Documents\TrueCrypt Setup 7.0a.exe

[2010/11/12 00:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Media Player Classic

[2010/11/12 00:16:39 | 000,156,672 | ---- | C] (Radioactive) -- C:\windows\System32\rmc_fixasf.exe

[2010/11/12 00:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\mdnslib

[2010/11/12 00:12:44 | 000,000,000 | ---D | C] -- C:\windows\Applian Director

[2010/11/12 00:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Director

[2010/11/12 00:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\FLVService

[2010/11/12 00:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Ask and Record Toolbar

[2010/11/12 00:12:19 | 000,000,000 | ---D | C] -- C:\windows\Replay Media Catcher

[2010/11/11 23:41:42 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\mp3fhg.acm

[2010/11/11 23:41:41 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll

[2010/11/11 23:41:41 | 000,151,552 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm

[2010/11/11 23:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2010/11/11 23:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hoo Technologies

[2010/11/11 22:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\Tweak-XP

[2010/11/11 22:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/11/11 21:26:30 | 000,933,888 | ---- | C] (Adroit Technologies) -- C:\windows\System32\SmartTabs29.ocx

[2010/11/11 21:26:30 | 000,221,184 | ---- | C] (RSP Software - http://rspsoftware.clic3.net) -- C:\windows\System32\rspencr330.ocx

[2010/11/11 21:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lock My PC 4

[2010/11/11 21:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR

[2010/11/11 19:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Symantec

[2010/10/27 04:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2010/10/26 13:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Acronis

[2010/10/26 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn

[2010/10/26 11:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn

[2010/10/26 11:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2010/10/26 11:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead

[2010/10/26 11:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe

[2010/10/26 08:46:49 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc42.dll

[2010/10/26 08:46:49 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40u.dll

[2010/10/26 08:46:34 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\comctl32.dll

[2010/10/25 17:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ahead

[2010/10/25 17:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2010/10/25 17:31:05 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_30.dll

[2010/10/25 17:31:04 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_28.dll

[2010/10/25 16:53:29 | 000,000,000 | ---D | C] -- C:\windows\Prefetch

[2010/10/25 16:39:43 | 000,000,000 | ---D | C] -- C:\windows\System32\scripting

[2010/10/25 16:39:42 | 000,000,000 | ---D | C] -- C:\windows\l2schemas

[2010/10/25 16:39:41 | 000,000,000 | ---D | C] -- C:\windows\System32\en

[2010/10/25 16:34:02 | 000,000,000 | ---D | C] -- C:\windows\network diagnostic

[2010/10/25 15:34:11 | 000,000,000 | ---D | C] -- C:\windows\pss

[2010/10/25 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/10/25 15:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group

[2010/10/25 14:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/10/25 14:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/10/25 14:56:30 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll

[2010/10/25 14:56:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl

[2010/10/25 14:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun

[2010/10/25 14:34:24 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbaudio.sys

========== Files - Modified Within 30 Days ==========

[2010/11/22 22:09:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/11/22 19:46:32 | 000,000,412 | ---- | M] () -- C:\windows\tasks\Symantec NetDetect.job

[2010/11/22 19:45:41 | 000,001,394 | ---- | M] () -- C:\windows\System\hpsysdrv.DAT

[2010/11/22 19:44:28 | 000,000,408 | ---- | M] () -- C:\windows\tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

[2010/11/22 19:44:03 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2010/11/22 19:43:51 | 2130,235,392 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/22 18:29:09 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\inst.exe

[2010/11/22 18:29:09 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

[2010/11/22 18:29:09 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat

[2010/11/22 18:29:09 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf

[2010/11/22 01:32:43 | 000,004,096 | ---- | M] () -- C:\windows\System32\drivers\nocashio.sys

[2010/11/22 00:40:13 | 000,002,310 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk

[2010/11/22 00:40:13 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hex Editor Neo.lnk

[2010/11/22 00:32:50 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk

[2010/11/22 00:32:49 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MagicDisc.lnk

[2010/11/21 05:20:13 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/21 03:06:07 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/21 02:37:08 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk

[2010/11/18 15:58:37 | 000,752,944 | ---- | M] () -- C:\windows\System32\drivers\NIS\1201000.025\Cat.DB

[2010/11/17 23:50:05 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk

[2010/11/17 23:50:04 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Auslogics BoostSpeed.lnk

[2010/11/17 23:09:12 | 000,000,000 | ---- | M] () -- C:\windows\nsreg.dat

[2010/11/17 22:49:42 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/17 22:49:42 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/17 18:01:42 | 000,002,576 | ---- | M] () -- C:\windows\System32\ASOROSet.bin

[2010/11/17 17:10:55 | 000,433,944 | R--- | M] () -- C:\windows\System32\drivers\etc\HOSTS

[2010/11/17 09:37:09 | 000,502,724 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2010/11/17 09:37:09 | 000,087,682 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2010/11/16 20:39:50 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk

[2010/11/16 12:25:32 | 000,153,976 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2010/11/15 17:39:53 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf

[2010/11/15 17:39:50 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2010/11/15 17:26:28 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2010/11/14 21:32:32 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk

[2010/11/14 21:32:32 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk

[2010/11/14 21:23:23 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/11/14 19:18:37 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Format Factory.lnk

[2010/11/13 02:15:54 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mkv2vob.lnk

[2010/11/13 01:01:54 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2010/11/13 01:01:54 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2010/11/12 20:26:03 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml

[2010/11/12 16:38:37 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk

[2010/11/12 11:47:14 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS

[2010/11/12 11:47:14 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL

[2010/11/12 11:47:14 | 000,007,456 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT

[2010/11/12 11:47:14 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF

[2010/11/12 11:47:04 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK

[2010/11/12 11:24:48 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/11/12 11:24:48 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/12 11:24:48 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk

[2010/11/12 11:20:54 | 000,009,275 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.20101112-093003.backup

[2010/11/12 11:14:53 | 003,883,008 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\True Crypt

[2010/11/12 11:04:11 | 000,369,152 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ISORecorderV2RC1.msi

[2010/11/12 10:51:53 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk

[2010/11/12 10:51:51 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\windows\System32\drivers\truecrypt.sys

[2010/11/12 10:50:03 | 003,487,848 | ---- | M] (TrueCrypt Foundation) -- C:\Documents and Settings\Owner\My Documents\TrueCrypt Setup 7.0a.exe

[2010/11/12 01:39:12 | 000,237,568 | ---- | M] () -- C:\windows\System32\rmc_rtspdl.dll

[2010/11/12 01:39:12 | 000,156,672 | ---- | M] (Radioactive) -- C:\windows\System32\rmc_fixasf.exe

[2010/11/11 23:41:47 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Media Player Classic.lnk

[2010/11/11 23:38:33 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WAV MP3 Converter.lnk

[2010/11/11 22:37:56 | 000,019,734 | ---- | M] () -- C:\windows\System32\oemlogo.bmp

[2010/11/11 22:37:56 | 000,000,431 | ---- | M] () -- C:\windows\System32\oeminfo.ini

[2010/11/11 22:12:11 | 000,000,463 | ---- | M] () -- C:\windows\txp-lcn.ini

[2010/11/11 22:06:22 | 000,000,103 | ---- | M] () -- C:\windows\_vmtxp.ini

[2010/11/11 21:55:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2010/11/11 20:49:27 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2010/11/11 20:49:27 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk

[2010/10/26 11:53:22 | 000,000,608 | ---- | M] () -- C:\windows\QUICKEN.INI

[2010/10/26 11:25:27 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/26 11:25:27 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ImgBurn.lnk

[2010/10/25 17:33:08 | 000,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx

[2010/10/25 16:56:09 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/10/25 16:33:41 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/10/25 14:58:19 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/10/25 14:56:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll

[2010/10/25 14:56:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe

[2010/10/25 14:56:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe

[2010/10/25 14:56:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe

[2010/10/25 14:56:15 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl

[2010/10/25 07:07:06 | 000,000,283 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2010/11/22 19:43:51 | 2130,235,392 | -HS- | C] () -- C:\hiberfil.sys

[2010/11/22 18:29:10 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log

[2010/11/22 18:29:09 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe

[2010/11/22 18:29:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat

[2010/11/22 18:29:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf

[2010/11/22 01:32:43 | 000,004,096 | ---- | C] () -- C:\windows\System32\drivers\nocashio.sys

[2010/11/22 00:40:13 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk

[2010/11/22 00:40:13 | 000,002,292 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hex Editor Neo.lnk

[2010/11/22 00:32:50 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk

[2010/11/22 00:32:49 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MagicDisc.lnk

[2010/11/21 05:20:13 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/21 02:37:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk

[2010/11/17 23:50:48 | 000,000,408 | ---- | C] () -- C:\windows\tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

[2010/11/17 23:50:04 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk

[2010/11/17 23:50:04 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Auslogics BoostSpeed.lnk

[2010/11/17 23:09:12 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat

[2010/11/17 22:49:42 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/17 22:49:42 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/17 17:57:51 | 000,002,576 | ---- | C] () -- C:\windows\System32\ASOROSet.bin

[2010/11/16 20:39:50 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk

[2010/11/15 17:39:53 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf

[2010/11/15 17:39:50 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2010/11/14 21:32:32 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk

[2010/11/14 21:32:32 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk

[2010/11/14 21:23:22 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/11/14 19:18:37 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Format Factory.lnk

[2010/11/13 02:15:52 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mkv2vob.lnk

[2010/11/13 01:01:54 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2010/11/13 01:01:54 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2010/11/12 17:46:21 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml

[2010/11/12 16:38:37 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk

[2010/11/12 11:47:20 | 000,752,944 | ---- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\Cat.DB

[2010/11/12 11:47:14 | 000,007,456 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT

[2010/11/12 11:47:14 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF

[2010/11/12 11:47:04 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK

[2010/11/12 11:46:45 | 000,003,373 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.inf

[2010/11/12 11:46:45 | 000,002,792 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.inf

[2010/11/12 11:46:45 | 000,001,473 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNetV.inf

[2010/11/12 11:46:45 | 000,001,445 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNet.inf

[2010/11/12 11:46:45 | 000,001,389 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.inf

[2010/11/12 11:46:45 | 000,001,383 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.inf

[2010/11/12 11:46:45 | 000,000,741 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\Iron.inf

[2010/11/12 11:46:44 | 000,007,787 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\symnetv.cat

[2010/11/12 11:46:44 | 000,007,446 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNet.cat

[2010/11/12 11:46:44 | 000,007,444 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.cat

[2010/11/12 11:46:44 | 000,007,442 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.cat

[2010/11/12 11:46:44 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.cat

[2010/11/12 11:46:44 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.cat

[2010/11/12 11:46:44 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\iron.cat

[2010/11/12 11:46:44 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\isolate.ini

[2010/11/12 11:24:48 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/11/12 11:24:48 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/12 11:24:48 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk

[2010/11/12 11:14:53 | 003,883,008 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\True Crypt

[2010/11/12 11:04:11 | 000,369,152 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ISORecorderV2RC1.msi

[2010/11/12 10:51:53 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk

[2010/11/12 00:16:38 | 000,237,568 | ---- | C] () -- C:\windows\System32\rmc_rtspdl.dll

[2010/11/11 23:41:47 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Media Player Classic.lnk

[2010/11/11 23:41:45 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll

[2010/11/11 23:41:44 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini

[2010/11/11 23:41:41 | 000,790,528 | ---- | C] () -- C:\windows\System32\xvidcore.dll

[2010/11/11 23:41:40 | 000,134,144 | ---- | C] () -- C:\windows\System32\xvidvfw.dll

[2010/11/11 23:41:40 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll

[2010/11/11 23:38:33 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WAV MP3 Converter.lnk

[2010/11/11 22:12:11 | 000,000,463 | ---- | C] () -- C:\windows\txp-lcn.ini

[2010/11/11 22:06:08 | 000,000,103 | ---- | C] () -- C:\windows\_vmtxp.ini

[2010/11/11 21:55:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2010/10/26 13:11:08 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/26 11:25:27 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/26 11:25:27 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ImgBurn.lnk

[2010/10/25 14:58:19 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/10/01 20:49:03 | 000,067,630 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin

[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\windows\System32\vuins32.dll

[2003/07/26 04:17:16 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini

[2003/07/26 04:16:43 | 000,000,000 | ---- | C] () -- C:\windows\System32\iAlmcoin.dll

[2003/07/26 02:57:44 | 000,000,051 | ---- | C] () -- C:\windows\System32\mshrml.ini

[2003/07/24 04:05:31 | 000,167,936 | ---- | C] () -- C:\windows\System32\PCDrJNI_1_1.dll

[2003/07/24 04:02:11 | 000,025,438 | ---- | C] () -- C:\windows\System32\CHODDI.SYS

[2003/07/24 04:01:47 | 000,024,576 | ---- | C] () -- C:\windows\System32\syscontr.dll

[2003/07/24 04:01:15 | 000,045,056 | ---- | C] () -- C:\windows\System32\hpreg.dll

[2003/07/24 03:47:54 | 000,000,052 | ---- | C] () -- C:\windows\intuprof.ini

[2003/07/24 03:47:40 | 000,000,608 | ---- | C] () -- C:\windows\QUICKEN.INI

[2003/07/24 03:19:54 | 000,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini

[2003/07/24 02:52:31 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll

[2003/07/24 02:44:55 | 000,299,073 | ---- | C] () -- C:\windows\System32\PythonCOM22.dll

[2003/07/24 02:44:55 | 000,065,536 | ---- | C] () -- C:\windows\System32\PyWinTypes22.dll

[2003/07/24 02:44:37 | 000,016,896 | ---- | C] () -- C:\windows\System32\bcbmm.dll

[2003/07/24 02:32:33 | 000,000,802 | ---- | C] () -- C:\windows\orun32.ini

[2003/07/24 02:18:12 | 000,000,431 | ---- | C] () -- C:\windows\System32\oeminfo.ini

[2003/07/23 23:46:21 | 000,000,438 | ---- | C] () -- C:\windows\System32\1_ssetup.ini

[2003/07/23 23:46:21 | 000,000,000 | ---- | C] () -- C:\windows\System32\sunistlog.ini

[2003/07/23 19:22:12 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI

========== LOP Check ==========

[2010/10/02 07:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2010/10/01 20:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender

[2010/11/16 19:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX

[2010/10/26 11:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2010/11/21 04:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak

[2010/11/22 22:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/12 11:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt

[2010/11/12 20:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010/11/16 20:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/10/26 13:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis

[2010/11/17 23:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics

[2010/10/26 11:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn

[2010/10/25 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute

[2010/11/12 16:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2010/10/02 06:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera

[2010/11/17 20:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Registry Mechanic

[2003/07/24 04:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2010/11/21 04:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Systweak

[2010/11/12 12:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific

[2010/11/12 11:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TrueCrypt

[2010/11/14 21:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

[2010/11/22 18:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso

[2010/11/22 19:44:28 | 000,000,408 | ---- | M] () -- C:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:??????????

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


OTL logfile created on: 11/22/2010 10:13:47 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 68.35 Gb Total Space | 48.96 Gb Free Space | 71.63% Space Free | Partition Type: NTFS

Drive D: | 465.64 Gb Total Space | 334.78 Gb Free Space | 71.90% Space Free | Partition Type: FAT32

Computer Name: YOUR-LK4RLMSU41 | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 22:09:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2010/10/25 12:27:44 | 001,096,872 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe

PRC - [2010/10/08 16:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe

PRC - [2010/07/22 23:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2009/09/30 17:57:20 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

PRC - [2009/03/05 18:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe

PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/30 21:51:44 | 000,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2007/10/30 21:07:38 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2003/02/25 05:33:14 | 000,069,632 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\S3tray2.exe

========== Modules (SafeList) ==========

MOD - [2010/11/22 22:09:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2010/08/16 21:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll

MOD - [2009/07/12 01:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcr90.dll

MOD - [2009/07/12 01:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcp90.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)

SRV - File not found [On_Demand | Stopped] -- C:\windows\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/07/22 23:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/18 18:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)

SRV - [2010/03/18 15:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2007/10/30 21:51:44 | 000,492,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/10/30 21:07:38 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

========== Driver Services (SafeList) ==========

DRV - [2010/11/22 01:32:43 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)

DRV - [2010/11/16 04:27:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101122.022\NAVEX15.SYS -- (NAVEX15)

DRV - [2010/11/16 04:27:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101122.022\NAVENG.SYS -- (NAVENG)

DRV - [2010/11/12 11:47:14 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2010/11/12 10:51:51 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)

DRV - [2010/11/11 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2010/11/11 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2010/11/03 18:07:06 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2010/10/19 14:36:22 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101122.004\IDSXpx86.sys -- (IDSxpx86)

DRV - [2010/10/02 07:28:09 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2010/10/02 07:28:09 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2010/10/02 07:27:57 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2010/10/02 07:27:38 | 000,368,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2010/07/28 21:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA)

DRV - [2010/07/28 20:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\windows\system32\drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP)

DRV - [2010/07/28 20:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2010/07/21 19:27:14 | 000,043,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)

DRV - [2010/07/21 19:27:14 | 000,043,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)

DRV - [2010/07/12 19:20:22 | 000,369,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1201000.025\SYMTDI.SYS -- (SYMTDI)

DRV - [2010/06/26 22:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON)

DRV - [2010/06/13 04:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS)

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/09/09 20:24:14 | 000,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)

DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/03 23:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2003/06/19 02:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)

DRV - [2003/05/26 14:57:50 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)

DRV - [2003/05/06 16:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2003/04/11 09:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2003/03/31 22:29:42 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)

DRV - [2003/03/19 23:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\nv_agp.sys -- (nv_agp)

DRV - [2003/02/20 17:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2002/12/27 12:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\viaagp1.sys -- (viaagp1)

DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)

DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus9.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14597&l=dis

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/11/12 11:48:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/11/12 11:46:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/17 23:09:06 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 22:49:31 | 000,000,000 | ---D | M]

[2010/11/17 23:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2010/11/22 18:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fzr1aavl.default\extensions

[2010/11/17 23:36:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fzr1aavl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/17 23:10:03 | 000,002,470 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\fzr1aavl.default\searchplugins\safesearch.xml

[2010/11/17 22:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/11/17 17:10:55 | 000,433,944 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 ad.de.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.dk.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.es.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.fr.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.it.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.jp.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.kr.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.linkexchange.com

O1 - Hosts: 127.0.0.1 ad.linksynergy.com

O1 - Hosts: 127.0.0.1 ad.nl.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.no.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.preferences.com

O1 - Hosts: 127.0.0.1 ad.se.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.sma.punto.net

O1 - Hosts: 127.0.0.1 ad.uk.doubleclick.net

O1 - Hosts: 127.0.0.1 ad.webprovider.com

O1 - Hosts: 127.0.0.1 ad08.focalink.com

O1 - Hosts: 127.0.0.1 ad1.adcept.net

O1 - Hosts: 127.0.0.1 ad2.adcept.net

O1 - Hosts: 127.0.0.1 ad3.adcept.net

O1 - Hosts: 127.0.0.1 ad-adex3.flycast.com

O1 - Hosts: 127.0.0.1 adcontroller.unicast.com

O1 - Hosts: 127.0.0.1 adcreatives.imaginemedia.com

O1 - Hosts: 14900 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [s3TRAY2] C:\windows\System32\S3tray2.exe (S3 Graphics, Inc.)

O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKCU..\Run: [NVIEW] C:\windows\System32\nview.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1285986839921 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.7.255.188 65.164.201.148

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\fsp_lmwl: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O30 - LSA: Authentication Packages - (relog_ap) - C:\windows\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/07/24 02:29:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - D:\autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2006/02/09 14:59:36 | 000,000,000 | RH-D | M] - D:\autorun -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (sasnative32) - File not found

O34 - HKLM BootExecute: (Execute settings...) - File not found

O34 - HKLM BootExecute: (on\Explore) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 22:09:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/11/22 19:43:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent

[2010/11/22 19:32:35 | 000,000,000 | ---D | C] -- C:\windows\Minidump

[2010/11/22 18:29:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

[2010/11/22 18:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PcSetup

[2010/11/22 00:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HHD Software

[2010/11/22 00:32:36 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\windows\System32\drivers\mcdbus.sys

[2010/11/22 00:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc

[2010/11/21 19:29:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\DBvsSF

[2010/11/21 19:28:48 | 000,000,000 | -H-D | C] -- C:\windows\PIF

[2010/11/21 05:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up

[2010/11/21 05:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE

[2010/11/21 05:20:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2010/11/21 05:19:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2010/11/21 05:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/21 02:53:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Virtualdub

[2010/11/21 02:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader

[2010/11/21 02:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files

[2010/11/21 02:01:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

[2010/11/21 02:01:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos

[2010/11/20 15:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities

[2010/11/18 18:13:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Nintendo 64 (N64)

[2010/11/18 15:59:39 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_7.dll

[2010/11/18 15:59:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_5.dll

[2010/11/18 15:59:38 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_43.dll

[2010/11/18 15:59:38 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_7.dll

[2010/11/18 15:59:37 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_43.dll

[2010/11/18 15:59:36 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_43.dll

[2010/11/18 15:59:35 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_43.dll

[2010/11/18 15:59:35 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_43.dll

[2010/11/18 15:59:34 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_6.dll

[2010/11/18 15:59:34 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_4.dll

[2010/11/18 15:59:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_6.dll

[2010/11/18 15:59:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_7.dll

[2010/11/18 15:59:31 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_5.dll

[2010/11/18 15:59:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_5.dll

[2010/11/18 15:59:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_42.dll

[2010/11/18 15:59:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_42.dll

[2010/11/18 15:59:27 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_42.dll

[2010/11/18 15:59:26 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_42.dll

[2010/11/18 15:59:25 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_42.dll

[2010/11/18 15:59:24 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_41.dll

[2010/11/18 15:59:24 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_41.dll

[2010/11/18 15:59:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_41.dll

[2010/11/18 15:59:22 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_4.dll

[2010/11/18 15:59:22 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_3.dll

[2010/11/18 15:59:21 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_4.dll

[2010/11/18 15:59:21 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_6.dll

[2010/11/18 15:59:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_40.dll

[2010/11/18 15:59:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_40.dll

[2010/11/18 15:59:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_40.dll

[2010/11/18 15:59:18 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_3.dll

[2010/11/18 15:59:18 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_2.dll

[2010/11/18 15:59:17 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_3.dll

[2010/11/18 15:59:16 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_5.dll

[2010/11/18 15:59:15 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_2.dll

[2010/11/18 15:59:15 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_1.dll

[2010/11/18 15:59:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_2.dll

[2010/11/18 15:59:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_39.dll

[2010/11/18 15:59:13 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_39.dll

[2010/11/18 15:59:13 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_39.dll

[2010/11/18 15:59:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_1.dll

[2010/11/18 15:59:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_1.dll

[2010/11/18 15:59:11 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_0.dll

[2010/11/18 15:59:10 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_4.dll

[2010/11/18 15:59:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_38.dll

[2010/11/18 15:59:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_38.dll

[2010/11/18 15:59:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_38.dll

[2010/11/18 15:59:07 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_0.dll

[2010/11/18 15:59:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_0.dll

[2010/11/18 15:59:05 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_3.dll

[2010/11/18 15:59:04 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_37.dll

[2010/11/18 15:59:04 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_37.dll

[2010/11/18 15:59:03 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_37.dll

[2010/11/18 15:59:02 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_10.dll

[2010/11/18 15:59:01 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_36.dll

[2010/11/18 15:59:01 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_36.dll

[2010/11/18 15:59:00 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_36.dll

[2010/11/18 15:58:58 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_9.dll

[2010/11/18 15:58:57 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_35.dll

[2010/11/18 15:58:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_35.dll

[2010/11/18 15:58:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_35.dll

[2010/11/18 15:58:55 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_8.dll

[2010/11/18 15:58:55 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_2.dll

[2010/11/18 15:58:54 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_34.dll

[2010/11/18 15:58:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_34.dll

[2010/11/18 15:58:53 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_34.dll

[2010/11/18 15:58:50 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_7.dll

[2010/11/18 15:58:44 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_33.dll

[2010/11/18 15:58:44 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_33.dll

[2010/11/18 15:58:38 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_33.dll

[2010/11/18 15:58:37 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_6.dll

[2010/11/18 15:58:35 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_5.dll

[2010/11/18 15:58:34 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_32.dll

[2010/11/18 15:58:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_4.dll

[2010/11/18 15:58:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\x3daudio1_1.dll

[2010/11/18 15:58:31 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_31.dll

[2010/11/18 15:58:30 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_3.dll

[2010/11/18 15:58:29 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_2.dll

[2010/11/18 15:58:28 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_2.dll

[2010/11/18 15:58:27 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_1.dll

[2010/11/18 15:58:25 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_1.dll

[2010/11/18 15:58:20 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine2_0.dll

[2010/11/18 15:58:20 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\x3daudio1_0.dll

[2010/11/18 15:58:19 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_29.dll

[2010/11/18 15:58:18 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput9_1_0.dll

[2010/11/18 15:58:17 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_27.dll

[2010/11/18 15:58:15 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_26.dll

[2010/11/18 15:58:14 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_25.dll

[2010/11/18 15:58:12 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_24.dll

[2010/11/18 15:54:20 | 000,000,000 | ---D | C] -- C:\windows\Logs

[2010/11/18 15:02:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\PS2

[2010/11/17 23:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics

[2010/11/17 23:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics

[2010/11/17 23:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla

[2010/11/17 23:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla

[2010/11/17 22:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/11/17 21:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX

[2010/11/17 21:05:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\dreamcast

[2010/11/17 20:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads

[2010/11/17 20:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Registry Mechanic

[2010/11/17 18:24:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\SNES ROMS

[2010/11/17 17:57:51 | 000,016,184 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\System32\ROBoot.exe

[2010/11/17 17:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Systweak

[2010/11/17 17:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Systweak

[2010/11/17 15:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories

[2010/11/17 11:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert

[2010/11/16 20:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip

[2010/11/16 20:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/11/16 20:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

[2010/11/16 19:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\DFX

[2010/11/16 19:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\DFX

[2010/11/16 19:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DFX

[2010/11/16 19:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DFX

[2010/11/16 13:13:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Super Nintendo

[2010/11/16 11:40:33 | 000,000,000 | ---D | C] -- C:\windows\System32\XPSViewer

[2010/11/16 11:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2010/11/16 11:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2010/11/16 11:39:32 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prntvpt.dll

[2010/11/16 11:39:31 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xpssvcs.dll

[2010/11/16 11:39:31 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpssvcs.dll

[2010/11/16 11:39:31 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\printfilterpipelinesvc.exe

[2010/11/16 11:39:31 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\xpsshhdr.dll

[2010/11/16 11:39:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\filterpipelineprintproc.dll

[2010/11/16 11:39:30 | 000,000,000 | ---D | C] -- C:\c2abe63ea84c83266ac191

[2010/11/16 10:38:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/11/16 10:32:41 | 000,000,000 | ---D | C] -- C:\0ac34ef71f547cdfb08e67

[2010/11/16 10:32:25 | 000,000,000 | ---D | C] -- C:\56e44aa85a13a069f62108561b886a

[2010/11/16 01:18:15 | 000,043,952 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SymIM.sys

[2010/11/16 01:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/15 23:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2010/11/15 23:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/11/15 23:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Readon_Technology

[2010/11/15 23:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Readon Player

[2010/11/15 22:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/11/15 22:28:39 | 000,000,000 | ---D | C] -- C:\windows\Sun

[2010/11/15 17:37:53 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spmsgXP_2k3.dll

[2010/11/15 17:29:25 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WdfCoInstaller01007.dll

[2010/11/15 17:29:25 | 000,062,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\xusb21.sys

[2010/11/15 17:29:25 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE

[2010/11/15 17:29:14 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xinput1_3.dll

[2010/11/14 21:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Acronis

[2010/11/14 21:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue

[2010/11/14 21:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue

[2010/11/14 21:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server

[2010/11/14 19:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FFOutput

[2010/11/14 19:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime

[2010/11/13 02:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\mkv2vob

[2010/11/13 01:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo

[2010/11/13 01:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!

[2010/11/13 01:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2010/11/13 00:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/11/12 20:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010/11/12 18:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ConvertXToDVD

[2010/11/12 17:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Vso

[2010/11/12 17:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\VSO

[2010/11/12 16:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2010/11/12 16:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\JRE

[2010/11/12 16:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2010/11/12 16:36:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe

[2010/11/12 16:36:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe

[2010/11/12 16:36:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe

[2010/11/12 12:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific

[2010/11/12 12:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec

[2010/11/12 11:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Symantec

[2010/11/12 11:47:14 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS

[2010/11/12 11:47:14 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL

[2010/11/12 11:47:02 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.sys

[2010/11/12 11:47:02 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.sys

[2010/11/12 11:47:02 | 000,369,072 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\symtdi.sys

[2010/11/12 11:47:02 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.sys

[2010/11/12 11:47:02 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\symtdiv.sys

[2010/11/12 11:47:02 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\symnets.sys

[2010/11/12 11:47:02 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\Ironx86.sys

[2010/11/12 11:47:02 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.sys

[2010/11/12 11:46:44 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS

[2010/11/12 11:46:44 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1201000.025

[2010/11/12 11:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar

[2010/11/12 11:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security

[2010/11/12 11:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2010/11/12 11:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2010/11/12 11:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton

[2010/11/12 11:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton

[2010/11/12 11:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/12 11:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/11/12 11:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe

[2010/11/12 11:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt

[2010/11/12 10:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TrueCrypt

[2010/11/12 10:51:51 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\windows\System32\drivers\truecrypt.sys

[2010/11/12 10:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt

[2010/11/12 10:49:49 | 003,487,848 | ---- | C] (TrueCrypt Foundation) -- C:\Documents and Settings\Owner\My Documents\TrueCrypt Setup 7.0a.exe

[2010/11/12 00:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Media Player Classic

[2010/11/12 00:16:39 | 000,156,672 | ---- | C] (Radioactive) -- C:\windows\System32\rmc_fixasf.exe

[2010/11/12 00:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\mdnslib

[2010/11/12 00:12:44 | 000,000,000 | ---D | C] -- C:\windows\Applian Director

[2010/11/12 00:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Director

[2010/11/12 00:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\FLVService

[2010/11/12 00:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Ask and Record Toolbar

[2010/11/12 00:12:19 | 000,000,000 | ---D | C] -- C:\windows\Replay Media Catcher

[2010/11/11 23:41:42 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\mp3fhg.acm

[2010/11/11 23:41:41 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll

[2010/11/11 23:41:41 | 000,151,552 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm

[2010/11/11 23:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2010/11/11 23:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hoo Technologies

[2010/11/11 22:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\Tweak-XP

[2010/11/11 22:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/11/11 21:26:30 | 000,933,888 | ---- | C] (Adroit Technologies) -- C:\windows\System32\SmartTabs29.ocx

[2010/11/11 21:26:30 | 000,221,184 | ---- | C] (RSP Software - http://rspsoftware.clic3.net) -- C:\windows\System32\rspencr330.ocx

[2010/11/11 21:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lock My PC 4

[2010/11/11 21:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR

[2010/11/11 19:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Symantec

[2010/10/27 04:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2010/10/26 13:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Acronis

[2010/10/26 11:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn

[2010/10/26 11:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn

[2010/10/26 11:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2010/10/26 11:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead

[2010/10/26 11:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe

[2010/10/26 08:46:49 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc42.dll

[2010/10/26 08:46:49 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40u.dll

[2010/10/26 08:46:34 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\comctl32.dll

[2010/10/25 17:41:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ahead

[2010/10/25 17:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2010/10/25 17:31:05 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_30.dll

[2010/10/25 17:31:04 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_28.dll

[2010/10/25 16:53:29 | 000,000,000 | ---D | C] -- C:\windows\Prefetch

[2010/10/25 16:39:43 | 000,000,000 | ---D | C] -- C:\windows\System32\scripting

[2010/10/25 16:39:42 | 000,000,000 | ---D | C] -- C:\windows\l2schemas

[2010/10/25 16:39:41 | 000,000,000 | ---D | C] -- C:\windows\System32\en

[2010/10/25 16:34:02 | 000,000,000 | ---D | C] -- C:\windows\network diagnostic

[2010/10/25 15:34:11 | 000,000,000 | ---D | C] -- C:\windows\pss

[2010/10/25 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/10/25 15:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\VS Revo Group

[2010/10/25 14:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/10/25 14:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/10/25 14:56:30 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll

[2010/10/25 14:56:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl

[2010/10/25 14:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun

[2010/10/25 14:34:24 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\usbaudio.sys

========== Files - Modified Within 30 Days ==========

[2010/11/22 22:09:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2010/11/22 19:46:32 | 000,000,412 | ---- | M] () -- C:\windows\tasks\Symantec NetDetect.job

[2010/11/22 19:45:41 | 000,001,394 | ---- | M] () -- C:\windows\System\hpsysdrv.DAT

[2010/11/22 19:44:28 | 000,000,408 | ---- | M] () -- C:\windows\tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

[2010/11/22 19:44:03 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2010/11/22 19:43:51 | 2130,235,392 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/22 18:29:09 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\inst.exe

[2010/11/22 18:29:09 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

[2010/11/22 18:29:09 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat

[2010/11/22 18:29:09 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf

[2010/11/22 01:32:43 | 000,004,096 | ---- | M] () -- C:\windows\System32\drivers\nocashio.sys

[2010/11/22 00:40:13 | 000,002,310 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk

[2010/11/22 00:40:13 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hex Editor Neo.lnk

[2010/11/22 00:32:50 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk

[2010/11/22 00:32:49 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MagicDisc.lnk

[2010/11/21 05:20:13 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/21 03:06:07 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/21 02:37:08 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk

[2010/11/18 15:58:37 | 000,752,944 | ---- | M] () -- C:\windows\System32\drivers\NIS\1201000.025\Cat.DB

[2010/11/17 23:50:05 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk

[2010/11/17 23:50:04 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Auslogics BoostSpeed.lnk

[2010/11/17 23:09:12 | 000,000,000 | ---- | M] () -- C:\windows\nsreg.dat

[2010/11/17 22:49:42 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/17 22:49:42 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/17 18:01:42 | 000,002,576 | ---- | M] () -- C:\windows\System32\ASOROSet.bin

[2010/11/17 17:10:55 | 000,433,944 | R--- | M] () -- C:\windows\System32\drivers\etc\HOSTS

[2010/11/17 09:37:09 | 000,502,724 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2010/11/17 09:37:09 | 000,087,682 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2010/11/16 20:39:50 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk

[2010/11/16 12:25:32 | 000,153,976 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2010/11/15 17:39:53 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf

[2010/11/15 17:39:50 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2010/11/15 17:26:28 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2010/11/14 21:32:32 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk

[2010/11/14 21:32:32 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk

[2010/11/14 21:23:23 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/11/14 19:18:37 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Format Factory.lnk

[2010/11/13 02:15:54 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mkv2vob.lnk

[2010/11/13 01:01:54 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2010/11/13 01:01:54 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2010/11/12 20:26:03 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml

[2010/11/12 16:38:37 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk

[2010/11/12 11:47:14 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS

[2010/11/12 11:47:14 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL

[2010/11/12 11:47:14 | 000,007,456 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT

[2010/11/12 11:47:14 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF

[2010/11/12 11:47:04 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK

[2010/11/12 11:24:48 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/11/12 11:24:48 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/12 11:24:48 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk

[2010/11/12 11:20:54 | 000,009,275 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.20101112-093003.backup

[2010/11/12 11:14:53 | 003,883,008 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\True Crypt

[2010/11/12 11:04:11 | 000,369,152 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ISORecorderV2RC1.msi

[2010/11/12 10:51:53 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk

[2010/11/12 10:51:51 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\windows\System32\drivers\truecrypt.sys

[2010/11/12 10:50:03 | 003,487,848 | ---- | M] (TrueCrypt Foundation) -- C:\Documents and Settings\Owner\My Documents\TrueCrypt Setup 7.0a.exe

[2010/11/12 01:39:12 | 000,237,568 | ---- | M] () -- C:\windows\System32\rmc_rtspdl.dll

[2010/11/12 01:39:12 | 000,156,672 | ---- | M] (Radioactive) -- C:\windows\System32\rmc_fixasf.exe

[2010/11/11 23:41:47 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Media Player Classic.lnk

[2010/11/11 23:38:33 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WAV MP3 Converter.lnk

[2010/11/11 22:37:56 | 000,019,734 | ---- | M] () -- C:\windows\System32\oemlogo.bmp

[2010/11/11 22:37:56 | 000,000,431 | ---- | M] () -- C:\windows\System32\oeminfo.ini

[2010/11/11 22:12:11 | 000,000,463 | ---- | M] () -- C:\windows\txp-lcn.ini

[2010/11/11 22:06:22 | 000,000,103 | ---- | M] () -- C:\windows\_vmtxp.ini

[2010/11/11 21:55:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2010/11/11 20:49:27 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2010/11/11 20:49:27 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk

[2010/10/26 11:53:22 | 000,000,608 | ---- | M] () -- C:\windows\QUICKEN.INI

[2010/10/26 11:25:27 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/26 11:25:27 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ImgBurn.lnk

[2010/10/25 17:33:08 | 000,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx

[2010/10/25 16:56:09 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/10/25 16:33:41 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/10/25 14:58:19 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/10/25 14:56:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll

[2010/10/25 14:56:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe

[2010/10/25 14:56:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe

[2010/10/25 14:56:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe

[2010/10/25 14:56:15 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl

[2010/10/25 07:07:06 | 000,000,283 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2010/11/22 19:43:51 | 2130,235,392 | -HS- | C] () -- C:\hiberfil.sys

[2010/11/22 18:29:10 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log

[2010/11/22 18:29:09 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe

[2010/11/22 18:29:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat

[2010/11/22 18:29:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf

[2010/11/22 01:32:43 | 000,004,096 | ---- | C] () -- C:\windows\System32\drivers\nocashio.sys

[2010/11/22 00:40:13 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk

[2010/11/22 00:40:13 | 000,002,292 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hex Editor Neo.lnk

[2010/11/22 00:32:50 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk

[2010/11/22 00:32:49 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MagicDisc.lnk

[2010/11/21 05:20:13 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/21 02:37:08 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk

[2010/11/17 23:50:48 | 000,000,408 | ---- | C] () -- C:\windows\tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

[2010/11/17 23:50:04 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk

[2010/11/17 23:50:04 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Auslogics BoostSpeed.lnk

[2010/11/17 23:09:12 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat

[2010/11/17 22:49:42 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/17 22:49:42 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/17 17:57:51 | 000,002,576 | ---- | C] () -- C:\windows\System32\ASOROSet.bin

[2010/11/16 20:39:50 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk

[2010/11/15 17:39:53 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_xusb21_01007.Wdf

[2010/11/15 17:39:50 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2010/11/14 21:32:32 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk

[2010/11/14 21:32:32 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk

[2010/11/14 21:23:22 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk

[2010/11/14 19:18:37 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Format Factory.lnk

[2010/11/13 02:15:52 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mkv2vob.lnk

[2010/11/13 01:01:54 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk

[2010/11/13 01:01:54 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

[2010/11/12 17:46:21 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml

[2010/11/12 16:38:37 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk

[2010/11/12 11:47:20 | 000,752,944 | ---- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\Cat.DB

[2010/11/12 11:47:14 | 000,007,456 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT

[2010/11/12 11:47:14 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF

[2010/11/12 11:47:04 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK

[2010/11/12 11:46:45 | 000,003,373 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.inf

[2010/11/12 11:46:45 | 000,002,792 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.inf

[2010/11/12 11:46:45 | 000,001,473 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNetV.inf

[2010/11/12 11:46:45 | 000,001,445 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNet.inf

[2010/11/12 11:46:45 | 000,001,389 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.inf

[2010/11/12 11:46:45 | 000,001,383 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.inf

[2010/11/12 11:46:45 | 000,000,741 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\Iron.inf

[2010/11/12 11:46:44 | 000,007,787 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\symnetv.cat

[2010/11/12 11:46:44 | 000,007,446 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNet.cat

[2010/11/12 11:46:44 | 000,007,444 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.cat

[2010/11/12 11:46:44 | 000,007,442 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.cat

[2010/11/12 11:46:44 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.cat

[2010/11/12 11:46:44 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.cat

[2010/11/12 11:46:44 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\iron.cat

[2010/11/12 11:46:44 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\isolate.ini

[2010/11/12 11:24:48 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/11/12 11:24:48 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/12 11:24:48 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk

[2010/11/12 11:14:53 | 003,883,008 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\True Crypt

[2010/11/12 11:04:11 | 000,369,152 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ISORecorderV2RC1.msi

[2010/11/12 10:51:53 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk

[2010/11/12 00:16:38 | 000,237,568 | ---- | C] () -- C:\windows\System32\rmc_rtspdl.dll

[2010/11/11 23:41:47 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Media Player Classic.lnk

[2010/11/11 23:41:45 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll

[2010/11/11 23:41:44 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini

[2010/11/11 23:41:41 | 000,790,528 | ---- | C] () -- C:\windows\System32\xvidcore.dll

[2010/11/11 23:41:40 | 000,134,144 | ---- | C] () -- C:\windows\System32\xvidvfw.dll

[2010/11/11 23:41:40 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll

[2010/11/11 23:38:33 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WAV MP3 Converter.lnk

[2010/11/11 22:12:11 | 000,000,463 | ---- | C] () -- C:\windows\txp-lcn.ini

[2010/11/11 22:06:08 | 000,000,103 | ---- | C] () -- C:\windows\_vmtxp.ini

[2010/11/11 21:55:38 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2010/10/26 13:11:08 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/26 11:25:27 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/26 11:25:27 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ImgBurn.lnk

[2010/10/25 14:58:19 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/10/01 20:49:03 | 000,067,630 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin

[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\windows\System32\vuins32.dll

[2003/07/26 04:17:16 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini

[2003/07/26 04:16:43 | 000,000,000 | ---- | C] () -- C:\windows\System32\iAlmcoin.dll

[2003/07/26 02:57:44 | 000,000,051 | ---- | C] () -- C:\windows\System32\mshrml.ini

[2003/07/24 04:05:31 | 000,167,936 | ---- | C] () -- C:\windows\System32\PCDrJNI_1_1.dll

[2003/07/24 04:02:11 | 000,025,438 | ---- | C] () -- C:\windows\System32\CHODDI.SYS

[2003/07/24 04:01:47 | 000,024,576 | ---- | C] () -- C:\windows\System32\syscontr.dll

[2003/07/24 04:01:15 | 000,045,056 | ---- | C] () -- C:\windows\System32\hpreg.dll

[2003/07/24 03:47:54 | 000,000,052 | ---- | C] () -- C:\windows\intuprof.ini

[2003/07/24 03:47:40 | 000,000,608 | ---- | C] () -- C:\windows\QUICKEN.INI

[2003/07/24 03:19:54 | 000,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini

[2003/07/24 02:52:31 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll

[2003/07/24 02:44:55 | 000,299,073 | ---- | C] () -- C:\windows\System32\PythonCOM22.dll

[2003/07/24 02:44:55 | 000,065,536 | ---- | C] () -- C:\windows\System32\PyWinTypes22.dll

[2003/07/24 02:44:37 | 000,016,896 | ---- | C] () -- C:\windows\System32\bcbmm.dll

[2003/07/24 02:32:33 | 000,000,802 | ---- | C] () -- C:\windows\orun32.ini

[2003/07/24 02:18:12 | 000,000,431 | ---- | C] () -- C:\windows\System32\oeminfo.ini

[2003/07/23 23:46:21 | 000,000,438 | ---- | C] () -- C:\windows\System32\1_ssetup.ini

[2003/07/23 23:46:21 | 000,000,000 | ---- | C] () -- C:\windows\System32\sunistlog.ini

[2003/07/23 19:22:12 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI

========== LOP Check ==========

[2010/10/02 07:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2010/10/01 20:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender

[2010/11/16 19:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX

[2010/10/26 11:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2010/11/21 04:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak

[2010/11/22 22:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/11/12 11:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt

[2010/11/12 20:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010/11/16 20:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010/10/26 13:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis

[2010/11/17 23:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics

[2010/10/26 11:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn

[2010/10/25 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute

[2010/11/12 16:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2010/10/02 06:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera

[2010/11/17 20:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Registry Mechanic

[2003/07/24 04:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2010/11/21 04:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Systweak

[2010/11/12 12:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific

[2010/11/12 11:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TrueCrypt

[2010/11/14 21:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue

[2010/11/22 18:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso

[2010/11/22 19:44:28 | 000,000,408 | ---- | M] () -- C:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:??????????

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

>Drivers

>Stealth

>Files

Suspect File: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\BASH\BHREGISTRYINFO.DB-journal Status: Hidden

Suspect File: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\SymDS\Temp\sdmys_E931690641B79AB76BDEF98B Status: Hidden

>Hooks

ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump at address 0x804DBAA2 hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000B704, Type: Inline - RelativeJump at address 0x804E2704 hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000B788, Type: Inline - RelativeCall at address 0x804E2788 hook handler located in [unknown_code_page]

ntoskrnl.exe+0x0000B78D, Type: Inline - RelativeJump at address 0x804E278D hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000B79C, Type: Inline - RelativeJump at address 0x804E279C hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000B880, Type: Inline - RelativeJump at address 0x804E2880 hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000B8A0, Type: Inline - RelativeJump at address 0x804E28A0 hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000BAAC, Type: Inline - RelativeJump at address 0x804E2AAC hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000BAE4, Type: Inline - RelativeJump at address 0x804E2AE4 hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000BB0C, Type: Inline - RelativeJump at address 0x804E2B0C hook handler located in [ntoskrnl.exe]

[1448]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

RkUnhooker report generator v0.7

==============================================

Rootkit Unhooker kernel version: 3.7.300.509

==============================================

Windows Major Version: 5

Windows Minor Version: 1

Windows Build Number: 2600

==============================================

>Drivers

Driver: C:\windows\system32\drivers\ALCXWDM.SYS

Address: 0xB98D6000

Size: 2281472 bytes

Driver: C:\windows\system32\ntoskrnl.exe

Address: 0x804D7000

Size: 2189952 bytes

Driver: PnpManager

Address: 0x804D7000

Size: 2189952 bytes

Driver: RAW

Address: 0x804D7000

Size: 2189952 bytes

Driver: WMIxWDM

Address: 0x804D7000

Size: 2189952 bytes

Driver: Win32k

Address: 0xBF800000

Size: 1855488 bytes

Driver: C:\windows\System32\win32k.sys

Address: 0xBF800000

Size: 1855488 bytes

Driver: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101122.022\NAVEX15.SYS

Address: 0xB33DE000

Size: 1368064 bytes

Driver: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys

Address: 0xB79A1000

Size: 704512 bytes

Driver: SYMEFA.SYS

Address: 0xF7B36000

Size: 692224 bytes

Driver: C:\windows\System32\DRIVERS\ltmdmnt.sys

Address: 0xB9B26000

Size: 610304 bytes

Driver: Ntfs.sys

Address: 0xBA773000

Size: 577536 bytes

Driver: C:\windows\system32\drivers\NIS\1201000.025\SRTSP.SYS

Address: 0xB352C000

Size: 528384 bytes

Driver: C:\windows\System32\Drivers\wdf01000.sys

Address: 0xB78FD000

Size: 507904 bytes

Driver: C:\windows\System32\DRIVERS\mrxsmb.sys

Address: 0xB7AC8000

Size: 458752 bytes

Driver: timntr.sys

Address: 0xBA6DB000

Size: 438272 bytes

Driver: C:\windows\System32\s3gnb.dll

Address: 0xBF012000

Size: 397312 bytes

Driver: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

Address: 0xB7A6A000

Size: 385024 bytes

Driver: C:\windows\System32\DRIVERS\update.sys

Address: 0xB8FF5000

Size: 385024 bytes

Driver: C:\windows\system32\drivers\NIS\1201000.025\SYMTDI.SYS

Address: 0xB7D4B000

Size: 364544 bytes

Driver: C:\windows\System32\DRIVERS\tcpip.sys

Address: 0xB7DA4000

Size: 364544 bytes

Driver: tdrpman.sys

Address: 0xBA682000

Size: 364544 bytes

Driver: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101122.004\IDSxpx86.sys

Address: 0xB2DE1000

Size: 360448 bytes

Driver: C:\windows\System32\DRIVERS\srv.sys

Address: 0xB3A20000

Size: 360448 bytes

Driver: SYMDS.SYS

Address: 0xF740E000

Size: 356352 bytes

Driver: C:\windows\System32\ATMFD.DLL

Address: 0xBFFA0000

Size: 286720 bytes

Driver: C:\windows\System32\Drivers\HTTP.sys

Address: 0xB3041000

Size: 266240 bytes

Driver: C:\windows\System32\drivers\truecrypt.sys

Address: 0xB7B86000

Size: 225280 bytes

Driver: ACPI.sys

Address: 0xF75A8000

Size: 188416 bytes

Driver: NDIS.sys

Address: 0xBA746000

Size: 184320 bytes

Driver: C:\windows\System32\DRIVERS\rdbss.sys

Address: 0xB7B38000

Size: 176128 bytes

Driver: C:\windows\System32\DRIVERS\s3gnbm.sys

Address: 0xB9BF3000

Size: 167936 bytes

Driver: C:\windows\System32\DRIVERS\netbt.sys

Address: 0xB7BDF000

Size: 163840 bytes

Driver: C:\windows\System32\DRIVERS\ipnat.sys

Address: 0xB7CFF000

Size: 155648 bytes

Driver: C:\windows\system32\Drivers\SYMEVENT.SYS

Address: 0xB7D25000

Size: 155648 bytes

Driver: C:\windows\System32\Drivers\Fastfat.SYS

Address: 0xB3ED8000

Size: 147456 bytes

Driver: C:\windows\system32\drivers\portcls.sys

Address: 0xB988C000

Size: 147456 bytes

Driver: C:\windows\System32\DRIVERS\USBPORT.SYS

Address: 0xB9BBB000

Size: 147456 bytes

Driver: fasttx2k.sys

Address: 0xF749D000

Size: 143360 bytes

Driver: C:\windows\system32\drivers\NIS\1201000.025\Ironx86.SYS

Address: 0xB7B63000

Size: 143360 bytes

Driver: C:\windows\System32\DRIVERS\ks.sys

Address: 0xB9B03000

Size: 143360 bytes

Driver: C:\windows\System32\drivers\afd.sys

Address: 0xB7BBD000

Size: 139264 bytes

Driver: ACPI_HAL

Address: 0x806EE000

Size: 131840 bytes

Driver: C:\windows\system32\hal.dll

Address: 0x806EE000

Size: 131840 bytes

Driver: fltmgr.sys

Address: 0xF7465000

Size: 131072 bytes

Driver: ftdisk.sys

Address: 0xF74D8000

Size: 126976 bytes

Driver: snapman.sys

Address: 0xBA664000

Size: 122880 bytes

Driver: C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

Address: 0xB7A4D000

Size: 118784 bytes

Driver: C:\windows\system32\DRIVERS\mcdbus.sys

Address: 0xB9053000

Size: 118784 bytes

Driver: Mup.sys

Address: 0xBA64A000

Size: 106496 bytes

Driver: atapi.sys

Address: 0xF74C0000

Size: 98304 bytes

Driver: C:\windows\System32\Drivers\dump_atapi.sys

Address: 0xB7845000

Size: 98304 bytes

Driver: C:\windows\System32\DRIVERS\SCSIPORT.SYS

Address: 0xF7485000

Size: 98304 bytes

Driver: KSecDD.sys

Address: 0xF7880000

Size: 94208 bytes

Driver: C:\windows\System32\DRIVERS\ndiswan.sys

Address: 0xB97C1000

Size: 94208 bytes

Driver: C:\windows\system32\drivers\wdmaud.sys

Address: 0xB36EB000

Size: 86016 bytes

Driver: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101122.022\NAVENG.SYS

Address: 0xB33CA000

Size: 81920 bytes

Driver: C:\windows\System32\DRIVERS\parport.sys

Address: 0xB9878000

Size: 81920 bytes

Driver: C:\windows\System32\DRIVERS\VIDEOPRT.SYS

Address: 0xB9BDF000

Size: 81920 bytes

Driver: C:\windows\System32\DRIVERS\ipsec.sys

Address: 0xB7DFD000

Size: 77824 bytes

Driver: C:\windows\System32\drivers\dxg.sys

Address: 0xBF000000

Size: 73728 bytes

Driver: pci.sys

Address: 0xF7597000

Size: 69632 bytes

Driver: C:\windows\System32\DRIVERS\psched.sys

Address: 0xB97B0000

Size: 69632 bytes

Driver: C:\windows\System32\Drivers\Cdfs.SYS

Address: 0xF7577000

Size: 65536 bytes

Driver: C:\windows\System32\DRIVERS\cdrom.sys

Address: 0xF7517000

Size: 65536 bytes

Driver: C:\windows\System32\DRIVERS\serial.sys

Address: 0xBA592000

Size: 65536 bytes

Driver: C:\windows\system32\drivers\drmk.sys

Address: 0xF74F7000

Size: 61440 bytes

Driver: C:\windows\System32\DRIVERS\redbook.sys

Address: 0xF7507000

Size: 61440 bytes

Driver: C:\windows\system32\drivers\sysaudio.sys

Address: 0xB785D000

Size: 61440 bytes

Driver: C:\windows\system32\drivers\usbaudio.sys

Address: 0xB9858000

Size: 61440 bytes

Driver: C:\windows\System32\DRIVERS\usbhub.sys

Address: 0xF7697000

Size: 61440 bytes

Driver: C:\windows\system32\DRIVERS\xusb21.sys

Address: 0xF7567000

Size: 57344 bytes

Driver: C:\windows\System32\DRIVERS\CLASSPNP.SYS

Address: 0xF7637000

Size: 53248 bytes

Driver: C:\windows\System32\DRIVERS\i8042prt.sys

Address: 0xBA582000

Size: 53248 bytes

Driver: C:\windows\System32\DRIVERS\rasl2tp.sys

Address: 0xBA572000

Size: 53248 bytes

Driver: VolSnap.sys

Address: 0xF7617000

Size: 53248 bytes

Driver: C:\windows\system32\DRIVERS\WDFLDR.SYS

Address: 0xF7557000

Size: 53248 bytes

Driver: C:\windows\System32\DRIVERS\raspptp.sys

Address: 0xBA552000

Size: 49152 bytes

Driver: agp440.sys

Address: 0xF7657000

Size: 45056 bytes

Driver: C:\windows\system32\DRIVERS\fetnd5bv.sys

Address: 0xBA5A2000

Size: 45056 bytes

Driver: C:\windows\System32\Drivers\Fips.SYS

Address: 0xF76F7000

Size: 45056 bytes

Driver: C:\windows\System32\DRIVERS\imapi.sys

Address: 0xF7527000

Size: 45056 bytes

Driver: MountMgr.sys

Address: 0xF7607000

Size: 45056 bytes

Driver: C:\windows\System32\DRIVERS\raspppoe.sys

Address: 0xBA562000

Size: 45056 bytes

Driver: C:\windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS

Address: 0xF76E7000

Size: 45056 bytes

Driver: C:\windows\System32\DRIVERS\amdk7.sys

Address: 0xF7537000

Size: 40960 bytes

Driver: isapnp.sys

Address: 0xF75F7000

Size: 40960 bytes

Driver: C:\windows\System32\Drivers\NDProxy.SYS

Address: 0xBA512000

Size: 40960 bytes

Driver: C:\windows\system32\DRIVERS\SymIM.sys

Address: 0xBA522000

Size: 40960 bytes

Driver: C:\windows\System32\DRIVERS\termdd.sys

Address: 0xBA532000

Size: 40960 bytes

Driver: C:\windows\system32\DRIVERS\tifsfilt.sys

Address: 0xB78ED000

Size: 40960 bytes

Driver: disk.sys

Address: 0xF7627000

Size: 36864 bytes

Driver: C:\windows\system32\DRIVERS\HIDCLASS.SYS

Address: 0xF7547000

Size: 36864 bytes

Driver: C:\windows\System32\DRIVERS\ipfltdrv.sys

Address: 0xB318A000

Size: 36864 bytes

Driver: C:\windows\System32\DRIVERS\msgpc.sys

Address: 0xBA542000

Size: 36864 bytes

Driver: C:\windows\System32\DRIVERS\netbios.sys

Address: 0xF76C7000

Size: 36864 bytes

Driver: SISAGPX.sys

Address: 0xF7647000

Size: 36864 bytes

Driver: C:\windows\System32\Drivers\Modem.SYS

Address: 0xF77C7000

Size: 32768 bytes

Driver: C:\windows\System32\Drivers\Npfs.SYS

Address: 0xF7747000

Size: 32768 bytes

Driver: C:\windows\System32\DRIVERS\usbccgp.sys

Address: 0xF776F000

Size: 32768 bytes

Driver: C:\windows\System32\DRIVERS\usbehci.sys

Address: 0xF77BF000

Size: 32768 bytes

Driver: C:\windows\System32\DRIVERS\fdc.sys

Address: 0xF77D7000

Size: 28672 bytes

Driver: C:\windows\system32\DRIVERS\HIDPARSE.SYS

Address: 0xF7767000

Size: 28672 bytes

Driver: C:\windows\System32\DRIVERS\PCIIDEX.SYS

Address: 0xF7707000

Size: 28672 bytes

Driver: C:\windows\System32\DRIVERS\USBSTOR.SYS

Address: 0xF7777000

Size: 28672 bytes

Driver: viaagp1.sys

Address: 0xF7717000

Size: 28672 bytes

Driver: C:\windows\System32\DRIVERS\kbdclass.sys

Address: 0xF77EF000

Size: 24576 bytes

Driver: C:\windows\System32\DRIVERS\mouclass.sys

Address: 0xF77DF000

Size: 24576 bytes

Driver: C:\windows\System32\DRIVERS\PS2.sys

Address: 0xF77E7000

Size: 24576 bytes

Driver: C:\windows\System32\Drivers\rkhdrv40.SYS

Address: 0xF779F000

Size: 24576 bytes

Driver: C:\windows\System32\DRIVERS\usbuhci.sys

Address: 0xF77CF000

Size: 24576 bytes

Driver: C:\windows\System32\drivers\vga.sys

Address: 0xF7737000

Size: 24576 bytes

Driver: C:\windows\System32\DRIVERS\flpydisk.sys

Address: 0xF7817000

Size: 20480 bytes

Driver: C:\windows\System32\Drivers\Msfs.SYS

Address: 0xF773F000

Size: 20480 bytes

Driver: nv_agp.sys

Address: 0xF771F000

Size: 20480 bytes

Driver: PartMgr.sys

Address: 0xF770F000

Size: 20480 bytes

Driver: C:\windows\System32\DRIVERS\ptilink.sys

Address: 0xF77FF000

Size: 20480 bytes

Driver: C:\windows\System32\DRIVERS\raspti.sys

Address: 0xF7807000

Size: 20480 bytes

Driver: C:\windows\System32\DRIVERS\TDI.SYS

Address: 0xF77F7000

Size: 20480 bytes

Driver: C:\windows\System32\DRIVERS\usbohci.sys

Address: 0xF77B7000

Size: 20480 bytes

Driver: C:\windows\System32\watchdog.sys

Address: 0xF7787000

Size: 20480 bytes

Driver: C:\windows\system32\drivers\mbam.sys

Address: 0xB781D000

Size: 16384 bytes

Driver: C:\windows\System32\DRIVERS\mssmbios.sys

Address: 0xBA506000

Size: 16384 bytes

Driver: C:\windows\System32\DRIVERS\serenum.sys

Address: 0xBA5BA000

Size: 16384 bytes

Driver: C:\windows\system32\BOOTVID.dll

Address: 0xF7897000

Size: 12288 bytes

Driver: C:\windows\System32\drivers\Dxapi.sys

Address: 0xB7EA7000

Size: 12288 bytes

Driver: C:\windows\system32\DRIVERS\hidusb.sys

Address: 0xB7F28000

Size: 12288 bytes

Driver: C:\windows\System32\DRIVERS\ndistapi.sys

Address: 0xBA5B6000

Size: 12288 bytes

Driver: C:\windows\System32\DRIVERS\srvkp.sys

Address: 0xB8FD5000

Size: 12288 bytes

Driver: C:\windows\System32\Drivers\Beep.SYS

Address: 0xF79B3000

Size: 8192 bytes

Driver: C:\windows\System32\Drivers\dump_WMILIB.SYS

Address: 0xF79B9000

Size: 8192 bytes

Driver: C:\windows\System32\Drivers\Fs_Rec.SYS

Address: 0xF79B1000

Size: 8192 bytes

Driver: C:\windows\system32\KDCOM.DLL

Address: 0xF7987000

Size: 8192 bytes

Driver: C:\windows\System32\Drivers\mnmdd.SYS

Address: 0xF79B5000

Size: 8192 bytes

Driver: C:\windows\System32\Drivers\ParVdm.SYS

Address: 0xF79C5000

Size: 8192 bytes

Driver: C:\windows\System32\DRIVERS\RDPCDD.sys

Address: 0xF79B7000

Size: 8192 bytes

Driver: C:\windows\System32\DRIVERS\swenum.sys

Address: 0xF79AD000

Size: 8192 bytes

Driver: C:\windows\System32\DRIVERS\USBD.SYS

Address: 0xF79AF000

Size: 8192 bytes

Driver: viaide.sys

Address: 0xF798B000

Size: 8192 bytes

Driver: C:\windows\System32\DRIVERS\WMILIB.SYS

Address: 0xF7989000

Size: 8192 bytes

Driver: C:\windows\System32\DRIVERS\audstub.sys

Address: 0xF7AB4000

Size: 4096 bytes

Driver: C:\windows\System32\drivers\dxgthk.sys

Address: 0xF7A7A000

Size: 4096 bytes

Driver: C:\windows\System32\Drivers\Null.SYS

Address: 0xB9DEF000

Size: 4096 bytes

==============================================

>Stealth

==============================================

>Files

Suspect File: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\BASH\BHREGISTRYINFO.DB-journal Status: Hidden

Suspect File: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\SymDS\Temp\sdmys_E931690641B79AB76BDEF98B Status: Hidden

==============================================

>Hooks

ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump at address 0x804DBAA2 hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000B704, Type: Inline - RelativeJump at address 0x804E2704 hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000B788, Type: Inline - RelativeCall at address 0x804E2788 hook handler located in [unknown_code_page]

ntoskrnl.exe+0x0000B78D, Type: Inline - RelativeJump at address 0x804E278D hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000B79C, Type: Inline - RelativeJump at address 0x804E279C hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000B880, Type: Inline - RelativeJump at address 0x804E2880 hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000B8A0, Type: Inline - RelativeJump at address 0x804E28A0 hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000BAAC, Type: Inline - RelativeJump at address 0x804E2AAC hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000BAE4, Type: Inline - RelativeJump at address 0x804E2AE4 hook handler located in [ntoskrnl.exe]

ntoskrnl.exe+0x0000BB0C, Type: Inline - RelativeJump at address 0x804E2B0C hook handler located in [ntoskrnl.exe]

[1448]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]


No worries, thanks for the logs. :D

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

The scan found nothing, but I used Sophos Anti-Rootkit and it found 6 hidden threats and I removed them, so maybe it's fixed? Were my logs clean?


Yes, from what I saw there was nothing malicious.

Do you know what Sophos removed?

Are you getting redirected etc...?

IE8 loads now but it's still slow, Firefox seems normal now, Opera is acting normal.

No, those were weird too, I would try to go to a site like gamestop and it would send me to a site with links to sites that are not even working.

Downside, start up seems weird now, the taskbar looks fudged and glitches but finally goes back to normal.

But I'll be fine with it as long as I'm free of people seeing me over a server or something around that.


Let's dig a bit deeper.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

=======================================

Thanks man, the 1st link isn't in English?


ComboFix 10-11-22.05 - Owner 11/23/2010 6:58.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2031.1510 [GMT -6:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\Owner\Application Data\inst.exe

D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.hhdsoftware.com

.

((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))

.

2010-11-23 11:57 . 2010-11-23 11:57 6656 ----a-w- c:\windows\system32\AEE4AEB8.exe

2010-11-23 10:42 . 2010-11-23 10:42 -------- d-----w- c:\program files\Sophos

2010-11-23 01:32 . 2010-11-23 01:32 -------- d-----w- c:\documents and settings\Administrator

2010-11-23 00:29 . 2010-11-23 00:29 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys

2010-11-22 07:32 . 2010-11-22 07:32 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys

2010-11-22 06:40 . 2010-11-22 06:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\HHD Software

2010-11-22 06:32 . 2009-02-25 00:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2010-11-22 06:32 . 2010-11-22 06:32 -------- d-----w- c:\program files\MagicDisc

2010-11-22 01:28 . 2010-11-22 01:28 -------- d--h--w- c:\windows\PIF

2010-11-21 11:24 . 2010-11-21 11:24 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-11-21 11:23 . 2010-11-21 11:23 -------- d-----w- c:\program files\Windows Installer Clean Up

2010-11-21 11:23 . 2010-11-21 11:23 -------- d-----w- c:\program files\MSECACHE

2010-11-21 11:20 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-21 11:19 . 2010-11-21 11:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-21 11:19 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-21 08:37 . 2010-11-21 08:37 -------- d-----w- c:\program files\YouTube Downloader

2010-11-21 08:11 . 2010-11-21 09:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files

2010-11-20 21:07 . 2010-11-20 21:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities

2010-11-18 21:58 . 2007-07-20 06:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll

2010-11-18 21:54 . 2010-11-18 21:54 -------- d-----w- c:\windows\Logs

2010-11-18 05:53 . 2010-11-18 05:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics

2010-11-18 05:49 . 2010-11-18 05:49 -------- d-----w- c:\program files\Auslogics

2010-11-18 05:08 . 2010-11-18 05:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2010-11-18 03:07 . 2010-11-18 03:07 -------- d-----w- c:\program files\Common Files\DirectX

2010-11-18 02:01 . 2010-11-18 02:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Registry Mechanic

2010-11-17 23:57 . 2010-11-18 00:01 2576 ----a-w- c:\windows\system32\ASOROSet.bin

2010-11-17 23:57 . 2010-10-05 19:59 16184 ----a-w- c:\windows\system32\ROBoot.exe

2010-11-17 23:45 . 2010-11-21 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak

2010-11-17 23:42 . 2010-11-21 10:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Systweak

2010-11-17 21:09 . 2010-11-17 21:09 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2010-11-17 17:55 . 2010-11-17 17:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert

2010-11-17 02:40 . 2010-11-17 02:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip

2010-11-17 02:39 . 2010-11-17 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-11-17 01:57 . 2010-11-17 01:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DFX

2010-11-17 01:54 . 2010-11-17 01:55 -------- d-----w- c:\program files\DFX

2010-11-17 01:54 . 2010-11-17 01:54 -------- d-----w- c:\program files\Common Files\DFX

2010-11-17 01:52 . 2010-11-17 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX

2010-11-16 17:41 . 2010-11-16 17:41 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-11-16 17:40 . 2010-11-16 17:40 -------- d-----w- c:\windows\system32\XPSViewer

2010-11-16 17:40 . 2010-11-16 17:40 -------- d-----w- c:\program files\MSBuild

2010-11-16 17:40 . 2010-11-16 17:40 -------- d-----w- c:\program files\Reference Assemblies

2010-11-16 17:39 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-11-16 17:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-11-16 17:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-11-16 17:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-11-16 17:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-11-16 17:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-11-16 17:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-11-16 17:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-11-16 17:39 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-11-16 17:39 . 2010-11-16 17:39 -------- d-----w- C:\c2abe63ea84c83266ac191

2010-11-16 16:32 . 2010-11-16 16:32 -------- d-----w- C:\0ac34ef71f547cdfb08e67

2010-11-16 16:32 . 2010-11-16 16:40 -------- d-----w- C:\56e44aa85a13a069f62108561b886a

2010-11-16 07:18 . 2010-07-22 01:27 43952 ----a-r- c:\windows\system32\drivers\SymIM.sys

2010-11-16 07:12 . 2010-11-16 07:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-11-16 07:06 . 2010-11-23 13:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-11-16 05:56 . 2010-11-16 05:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2010-11-16 05:56 . 2010-11-16 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-16 05:19 . 2010-11-16 05:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Readon_Technology

2010-11-16 04:54 . 2010-11-16 04:54 -------- d-----w- c:\program files\Microsoft.NET

2010-11-16 04:28 . 2010-11-16 04:28 -------- d-----w- c:\windows\Sun

2010-11-15 23:37 . 2008-03-21 21:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-11-15 23:29 . 2010-11-15 23:29 -------- dc----w- c:\windows\system32\DRVSTORE

2010-11-15 23:29 . 2009-09-10 02:24 62424 ----a-w- c:\windows\system32\drivers\xusb21.sys

2010-11-15 23:29 . 2009-08-14 06:40 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2010-11-15 23:29 . 2007-04-05 00:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2010-11-15 03:32 . 2010-11-15 03:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue

2010-11-15 03:32 . 2010-11-18 05:36 -------- d-----w- c:\program files\Uniblue

2010-11-15 03:23 . 2010-11-15 03:23 -------- d-----w- c:\program files\PS3 Media Server

2010-11-15 01:18 . 2010-11-15 01:18 -------- d-----w- c:\program files\FreeTime

2010-11-13 08:15 . 2010-11-13 08:15 29184 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe

2010-11-13 08:15 . 2010-11-13 08:15 -------- d-----w- c:\program files\mkv2vob

2010-11-13 07:04 . 2010-11-13 07:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo

2010-11-13 07:02 . 2010-11-16 05:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!

2010-11-13 07:01 . 2010-11-13 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2010-11-13 06:56 . 2010-11-16 07:41 -------- d-----w- c:\program files\Yahoo!

2010-11-13 02:19 . 2010-11-13 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk

2010-11-12 23:46 . 2010-11-23 00:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso

2010-11-12 23:45 . 2010-11-23 00:29 -------- d-----w- c:\program files\VSO

2010-11-12 22:49 . 2010-11-12 22:49 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org

2010-11-12 22:37 . 2010-11-12 22:37 -------- d-----w- c:\program files\JRE

2010-11-12 22:37 . 2010-11-12 22:37 -------- d-----w- c:\program files\OpenOffice.org 3

2010-11-12 18:02 . 2010-11-12 18:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Tific

2010-11-12 18:01 . 2010-11-12 18:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec

2010-11-12 17:47 . 2010-11-12 17:47 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-11-12 17:47 . 2010-11-12 17:47 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-11-12 17:46 . 2010-11-12 17:46 -------- d-----w- c:\windows\system32\drivers\NIS

2010-11-12 17:46 . 2010-11-12 17:46 -------- d-----w- c:\program files\Norton Internet Security

2010-11-12 17:46 . 2010-11-12 17:46 -------- d-----w- c:\program files\Windows Sidebar

2010-11-12 17:46 . 2010-11-12 17:46 -------- d-----w- c:\program files\NortonInstaller

2010-11-12 17:35 . 2010-11-12 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-11-12 17:24 . 2010-11-23 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-11-12 17:24 . 2010-11-12 17:44 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-11-12 17:03 . 2010-11-12 17:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe

2010-11-12 17:01 . 2010-11-12 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TrueCrypt

2010-11-12 16:52 . 2010-11-12 17:09 -------- d-----w- c:\documents and settings\Owner\Application Data\TrueCrypt

2010-11-12 16:51 . 2010-11-12 16:51 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2010-11-12 16:51 . 2010-11-12 16:51 -------- d-----w- c:\program files\TrueCrypt

2010-11-12 06:51 . 2010-11-21 10:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic

2010-11-12 06:16 . 2010-11-12 07:39 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

2010-11-12 06:16 . 2010-11-12 07:39 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll

2010-11-12 06:12 . 2010-11-12 06:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\mdnslib

2010-11-12 06:12 . 2010-11-12 18:20 -------- d-----w- c:\program files\Applian Director

2010-11-12 06:12 . 2010-11-12 06:12 -------- d-----w- c:\windows\Applian Director

2010-11-12 06:12 . 2010-11-12 06:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FLVService

2010-11-12 06:12 . 2010-11-12 06:12 -------- d-----w- c:\windows\Replay Media Catcher

2010-11-12 05:41 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll

2010-11-12 05:41 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm

2010-11-12 05:41 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll

2010-11-12 05:41 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm

2010-11-12 05:41 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2010-11-12 05:41 . 2010-10-18 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-11-12 05:41 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll

2010-11-12 05:41 . 2010-11-12 05:42 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-11-12 05:38 . 2010-11-12 05:38 -------- d-----w- c:\program files\Hoo Technologies

2010-11-12 04:11 . 2010-11-21 10:28 -------- d-----w- c:\program files\Tweak-XP

2010-11-12 04:10 . 2010-11-21 10:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-11-12 03:26 . 2006-10-08 01:31 221184 ----a-w- c:\windows\system32\rspencr330.ocx

2010-11-12 03:26 . 2006-02-13 10:22 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx

2010-11-12 03:21 . 2010-11-23 00:41 -------- d-----w- c:\program files\Lock My PC 4

2010-11-12 01:43 . 2010-11-12 01:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Symantec

2010-10-27 10:00 . 2010-10-27 10:00 -------- d-----w- c:\program files\MSXML 4.0

2010-10-26 17:26 . 2010-10-26 17:26 -------- d-----w- c:\documents and settings\Owner\Application Data\ImgBurn

2010-10-26 17:25 . 2010-10-26 17:25 -------- d-----w- c:\program files\ImgBurn

2010-10-26 17:20 . 2010-10-26 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-02 13:28 . 2010-10-02 13:28 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2010-10-02 13:28 . 2010-10-02 13:28 441760 ----a-w- c:\windows\system32\drivers\timntr.sys

2010-10-02 13:27 . 2010-10-02 13:27 129248 ----a-w- c:\windows\system32\drivers\snapman.sys

2010-10-02 13:27 . 2010-10-02 13:27 368544 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2010-10-02 11:56 . 2010-10-02 02:49 67630 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin

2010-09-18 19:23 . 2010-10-01 15:45 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2010-10-01 15:44 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2010-10-01 15:44 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2010-10-01 15:44 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-10 05:58 . 2010-10-01 15:48 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2010-10-01 15:44 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2010-10-01 15:44 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-06 02:52 . 2010-09-06 02:52 73728 ----a-w- c:\windows\system\vdremote.dll

2010-09-06 02:51 . 2010-09-06 02:51 65536 ----a-w- c:\windows\system\vdsvrlnk.dll

2010-09-01 11:51 . 2010-10-01 15:42 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2010-10-01 15:48 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2010-10-01 15:47 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2010-10-01 15:47 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2010-10-01 15:47 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2010-10-02 12:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"="nview.dll" [2003-05-03 835654]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]

"nwiz"="nwiz.exe" [2003-05-03 323584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"S3TRAY2"="S3tray2.exe" [2003-02-25 69632]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-11-22 576000]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [11/12/2010 11:47 AM 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [11/12/2010 11:47 AM 666672]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/3/2010 6:07 PM 691248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [11/12/2010 11:47 AM 134704]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/21/2010 5:20 AM 304464]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [11/12/2010 11:46 AM 126904]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/15/2010 8:16 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101122.004\IDSXpx86.sys [11/22/2010 8:22 PM 341880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/21/2010 5:19 AM 20952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 3:16 PM 130384]

S3 AEE4AEB8;AEE4AEB8;c:\windows\system32\AEE4AEB8.exe [11/23/2010 5:57 AM 6656]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4E6.tmp --> c:\windows\system32\4E6.tmp [?]

S3 rkhdrv40;Rootkit Unhooker Driver; [x]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 3:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-11-23 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

- c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe [2010-11-18 18:27]

2010-11-23 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-07-26 23:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com?o=14597&l=dis

uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/

mSearch Bar = hxxp://srch-qus9.hpwis.com/

uInternet Settings,ProxyOverride = localhost

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fzr1aavl.default\

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

Notify-fsp_lmwl - (no file)

MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-23 07:11

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\4E6.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3992)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe

c:\windows\system32\S3tray2.exe

.

**************************************************************************

.

Completion time: 2010-11-23 07:17:12 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-23 13:17

Pre-Run: 52,460,675,072 bytes free

Post-Run: 52,438,798,336 bytes free

- - End Of File - - 7411EC96F8F0D0D14AF10A6823C5C751


1. Open notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=68353

Collect::
c:\windows\system32\AEE4AEB8.exe

Driver::
rkhdrv40
AEE4AEB8

2. Save the above as CFScript.txt

3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScriptB-4.gif

4. During this run Combofix will collect and automatically upload some sample files.

You will see it say Combofix needs to upload some samples.

If it fails to do that, do the requested steps at the bottom of this post to manually upload the samples.

5. After reboot (in case it asks to reboot), please post the following report/log into your next reply:

  • Combofix.txt

===========

Note::

If Combofix fails to upload anything please do the following:

Go to Start > My Computer > C:\

Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.


Upload failed

ComboFix 10-11-22.05 - Owner 11/23/2010 7:39.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2031.1503 [GMT -6:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

file zipped: c:\windows\system32\AEE4AEB8.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\AEE4AEB8.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_RKHDRV40

-------\Service_AEE4AEB8

-------\Service_rkhdrv40

((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))

.

2010-11-23 10:42 . 2010-11-23 10:42 -------- d-----w- c:\program files\Sophos

2010-11-23 01:32 . 2010-11-23 01:32 -------- d-----w- c:\documents and settings\Administrator

2010-11-23 00:29 . 2010-11-23 00:29 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys

2010-11-22 07:32 . 2010-11-22 07:32 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys

2010-11-22 06:40 . 2010-11-22 06:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\HHD Software

2010-11-22 06:32 . 2009-02-25 00:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2010-11-22 06:32 . 2010-11-22 06:32 -------- d-----w- c:\program files\MagicDisc

2010-11-22 01:28 . 2010-11-22 01:28 -------- d--h--w- c:\windows\PIF

2010-11-21 11:24 . 2010-11-21 11:24 3584 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2010-11-21 11:23 . 2010-11-21 11:23 -------- d-----w- c:\program files\Windows Installer Clean Up

2010-11-21 11:23 . 2010-11-21 11:23 -------- d-----w- c:\program files\MSECACHE

2010-11-21 11:20 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-21 11:19 . 2010-11-21 11:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-21 11:19 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-21 08:37 . 2010-11-21 08:37 -------- d-----w- c:\program files\YouTube Downloader

2010-11-21 08:11 . 2010-11-21 09:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WMTools Downloaded Files

2010-11-20 21:07 . 2010-11-20 21:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities

2010-11-18 21:58 . 2007-07-20 06:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll

2010-11-18 21:54 . 2010-11-18 21:54 -------- d-----w- c:\windows\Logs

2010-11-18 05:53 . 2010-11-18 05:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics

2010-11-18 05:49 . 2010-11-18 05:49 -------- d-----w- c:\program files\Auslogics

2010-11-18 05:08 . 2010-11-18 05:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2010-11-18 03:07 . 2010-11-18 03:07 -------- d-----w- c:\program files\Common Files\DirectX

2010-11-18 02:01 . 2010-11-18 02:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Registry Mechanic

2010-11-17 23:57 . 2010-11-18 00:01 2576 ----a-w- c:\windows\system32\ASOROSet.bin

2010-11-17 23:57 . 2010-10-05 19:59 16184 ----a-w- c:\windows\system32\ROBoot.exe

2010-11-17 23:45 . 2010-11-21 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak

2010-11-17 23:42 . 2010-11-21 10:31 -------- d-----w- c:\documents and settings\Owner\Application Data\Systweak

2010-11-17 21:09 . 2010-11-17 21:09 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2010-11-17 17:55 . 2010-11-17 17:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert

2010-11-17 02:40 . 2010-11-17 02:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip

2010-11-17 02:39 . 2010-11-17 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-11-17 01:57 . 2010-11-17 01:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DFX

2010-11-17 01:54 . 2010-11-17 01:55 -------- d-----w- c:\program files\DFX

2010-11-17 01:54 . 2010-11-17 01:54 -------- d-----w- c:\program files\Common Files\DFX

2010-11-17 01:52 . 2010-11-17 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX

2010-11-16 17:41 . 2010-11-16 17:41 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-11-16 17:40 . 2010-11-16 17:40 -------- d-----w- c:\windows\system32\XPSViewer

2010-11-16 17:40 . 2010-11-16 17:40 -------- d-----w- c:\program files\MSBuild

2010-11-16 17:40 . 2010-11-16 17:40 -------- d-----w- c:\program files\Reference Assemblies

2010-11-16 17:39 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-11-16 17:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-11-16 17:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-11-16 17:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-11-16 17:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-11-16 17:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-11-16 17:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-11-16 17:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-11-16 17:39 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-11-16 17:39 . 2010-11-16 17:39 -------- d-----w- C:\c2abe63ea84c83266ac191

2010-11-16 16:32 . 2010-11-16 16:32 -------- d-----w- C:\0ac34ef71f547cdfb08e67

2010-11-16 16:32 . 2010-11-16 16:40 -------- d-----w- C:\56e44aa85a13a069f62108561b886a

2010-11-16 07:18 . 2010-07-22 01:27 43952 ----a-r- c:\windows\system32\drivers\SymIM.sys

2010-11-16 07:12 . 2010-11-16 07:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-11-16 07:06 . 2010-11-23 14:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-11-16 05:56 . 2010-11-16 05:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2010-11-16 05:56 . 2010-11-16 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-11-16 05:19 . 2010-11-16 05:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Readon_Technology

2010-11-16 04:54 . 2010-11-16 04:54 -------- d-----w- c:\program files\Microsoft.NET

2010-11-16 04:28 . 2010-11-16 04:28 -------- d-----w- c:\windows\Sun

2010-11-15 23:37 . 2008-03-21 21:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-11-15 23:29 . 2010-11-15 23:29 -------- dc----w- c:\windows\system32\DRVSTORE

2010-11-15 23:29 . 2009-09-10 02:24 62424 ----a-w- c:\windows\system32\drivers\xusb21.sys

2010-11-15 23:29 . 2009-08-14 06:40 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2010-11-15 23:29 . 2007-04-05 00:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2010-11-15 03:32 . 2010-11-15 03:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue

2010-11-15 03:32 . 2010-11-18 05:36 -------- d-----w- c:\program files\Uniblue

2010-11-15 03:23 . 2010-11-15 03:23 -------- d-----w- c:\program files\PS3 Media Server

2010-11-15 01:18 . 2010-11-15 01:18 -------- d-----w- c:\program files\FreeTime

2010-11-13 08:15 . 2010-11-13 08:15 29184 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe

2010-11-13 08:15 . 2010-11-13 08:15 -------- d-----w- c:\program files\mkv2vob

2010-11-13 07:04 . 2010-11-13 07:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo

2010-11-13 07:02 . 2010-11-16 05:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!

2010-11-13 07:01 . 2010-11-13 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2010-11-13 06:56 . 2010-11-16 07:41 -------- d-----w- c:\program files\Yahoo!

2010-11-13 02:19 . 2010-11-13 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk

2010-11-12 23:46 . 2010-11-23 00:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso

2010-11-12 23:45 . 2010-11-23 00:29 -------- d-----w- c:\program files\VSO

2010-11-12 22:49 . 2010-11-12 22:49 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org

2010-11-12 22:37 . 2010-11-12 22:37 -------- d-----w- c:\program files\JRE

2010-11-12 22:37 . 2010-11-12 22:37 -------- d-----w- c:\program files\OpenOffice.org 3

2010-11-12 18:02 . 2010-11-12 18:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Tific

2010-11-12 18:01 . 2010-11-12 18:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec

2010-11-12 17:47 . 2010-11-12 17:47 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-11-12 17:47 . 2010-11-12 17:47 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-11-12 17:46 . 2010-11-12 17:46 -------- d-----w- c:\windows\system32\drivers\NIS

2010-11-12 17:46 . 2010-11-12 17:46 -------- d-----w- c:\program files\Norton Internet Security

2010-11-12 17:46 . 2010-11-12 17:46 -------- d-----w- c:\program files\Windows Sidebar

2010-11-12 17:46 . 2010-11-12 17:46 -------- d-----w- c:\program files\NortonInstaller

2010-11-12 17:35 . 2010-11-12 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-11-12 17:24 . 2010-11-23 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-11-12 17:24 . 2010-11-12 17:44 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-11-12 17:03 . 2010-11-12 17:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe

2010-11-12 17:01 . 2010-11-12 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TrueCrypt

2010-11-12 16:52 . 2010-11-12 17:09 -------- d-----w- c:\documents and settings\Owner\Application Data\TrueCrypt

2010-11-12 16:51 . 2010-11-12 16:51 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys

2010-11-12 16:51 . 2010-11-12 16:51 -------- d-----w- c:\program files\TrueCrypt

2010-11-12 06:51 . 2010-11-21 10:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic

2010-11-12 06:16 . 2010-11-12 07:39 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

2010-11-12 06:16 . 2010-11-12 07:39 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll

2010-11-12 06:12 . 2010-11-12 06:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\mdnslib

2010-11-12 06:12 . 2010-11-12 18:20 -------- d-----w- c:\program files\Applian Director

2010-11-12 06:12 . 2010-11-12 06:12 -------- d-----w- c:\windows\Applian Director

2010-11-12 06:12 . 2010-11-12 06:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FLVService

2010-11-12 06:12 . 2010-11-12 06:12 -------- d-----w- c:\windows\Replay Media Catcher

2010-11-12 05:41 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll

2010-11-12 05:41 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm

2010-11-12 05:41 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll

2010-11-12 05:41 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm

2010-11-12 05:41 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2010-11-12 05:41 . 2010-10-18 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-11-12 05:41 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll

2010-11-12 05:41 . 2010-11-12 05:42 -------- d-----w- c:\program files\K-Lite Codec Pack

2010-11-12 05:38 . 2010-11-12 05:38 -------- d-----w- c:\program files\Hoo Technologies

2010-11-12 04:11 . 2010-11-21 10:28 -------- d-----w- c:\program files\Tweak-XP

2010-11-12 04:10 . 2010-11-21 10:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-11-12 03:26 . 2006-10-08 01:31 221184 ----a-w- c:\windows\system32\rspencr330.ocx

2010-11-12 03:26 . 2006-02-13 10:22 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx

2010-11-12 03:21 . 2010-11-23 00:41 -------- d-----w- c:\program files\Lock My PC 4

2010-11-12 01:43 . 2010-11-12 01:43 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Symantec

2010-10-27 10:00 . 2010-10-27 10:00 -------- d-----w- c:\program files\MSXML 4.0

2010-10-26 17:26 . 2010-10-26 17:26 -------- d-----w- c:\documents and settings\Owner\Application Data\ImgBurn

2010-10-26 17:25 . 2010-10-26 17:25 -------- d-----w- c:\program files\ImgBurn

2010-10-26 17:20 . 2010-10-26 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe

2010-10-26 17:18 . 2010-10-26 17:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ahead

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-02 13:28 . 2010-10-02 13:28 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys

2010-10-02 13:28 . 2010-10-02 13:28 441760 ----a-w- c:\windows\system32\drivers\timntr.sys

2010-10-02 13:27 . 2010-10-02 13:27 129248 ----a-w- c:\windows\system32\drivers\snapman.sys

2010-10-02 13:27 . 2010-10-02 13:27 368544 ----a-w- c:\windows\system32\drivers\tdrpman.sys

2010-10-02 11:56 . 2010-10-02 02:49 67630 ----a-w- c:\documents and settings\All Users\Application Data\bdinstall.bin

2010-09-18 19:23 . 2010-10-01 15:45 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2010-10-01 15:44 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2010-10-01 15:44 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2010-10-01 15:44 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-10 05:58 . 2010-10-01 15:48 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2010-10-01 15:44 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2010-10-01 15:44 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-06 02:52 . 2010-09-06 02:52 73728 ----a-w- c:\windows\system\vdremote.dll

2010-09-06 02:51 . 2010-09-06 02:51 65536 ----a-w- c:\windows\system\vdsvrlnk.dll

2010-09-01 11:51 . 2010-10-01 15:42 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2010-10-01 15:48 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2010-10-01 15:47 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2010-10-01 15:47 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2010-10-01 15:47 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2010-10-02 12:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"="nview.dll" [2003-05-03 835654]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-03 4640768]

"nwiz"="nwiz.exe" [2003-05-03 323584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"S3TRAY2"="S3tray2.exe" [2003-02-25 69632]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [11/12/2010 11:47 AM 339504]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [11/12/2010 11:47 AM 666672]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/3/2010 6:07 PM 691248]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [11/12/2010 11:47 AM 134704]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/15/2010 8:16 PM 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101122.004\IDSXpx86.sys [11/22/2010 8:22 PM 341880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/21/2010 5:19 AM 20952]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4E6.tmp --> c:\windows\system32\4E6.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-11-23 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

- c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe [2010-11-18 18:27]

2010-11-23 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-07-26 23:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com?o=14597&l=dis

uDefault_Search_URL = hxxp://srch-qus9.hpwis.com/

mSearch Bar = hxxp://srch-qus9.hpwis.com/

uInternet Settings,ProxyOverride = localhost

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fzr1aavl.default\

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-23 08:03

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\4E6.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3132)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe

c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe

c:\windows\system32\S3tray2.exe

.

**************************************************************************

.

Completion time: 2010-11-23 08:08:27 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-23 14:08

ComboFix2.txt 2010-11-23 13:17

Pre-Run: 52,435,427,328 bytes free

Post-Run: 52,425,891,840 bytes free

- - End Of File - - 1A8005C1E40D3145A0F4747B53A5E451

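The log above is the raw material a helper triages by eye: the service block, the registry loading points, and the BootExecute line. As an added example (my own script, not ComboFix output and not part of this thread), here is a small parser for the ComboFix line format shown above that flags the entries a reviewer would want to look at first: a service whose image is a .tmp file that ComboFix could not find at scan time (MEMSWEEP2), a kernel driver loaded from under Documents and Settings (Norton's definition driver, which is legitimate but worth confirming), any BootExecute entry beyond the default autochk, and the firewall profile being off. The sample input is copied from the log above; the line format and the heuristics are my own reading of it, and every flag is a review hint, not a verdict.

```python
import re
from dataclasses import dataclass

# Lines copied from the ComboFix log above (the service block and two registry
# loading points); they are the constructed sample input for this script.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [11/12/2010 11:47 AM 339504]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/3/2010 6:07 PM 691248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/21/2010 5:19 AM 20952]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4E6.tmp --> c:\windows\system32\4E6.tmp [?]
"""

# Assumed ComboFix service line format (my reading of the log, not documented by ComboFix):
#   R0 Name;Display;c:\path\driver.sys [11/12/2010 11:47 AM 339504]
#   S3 Name;Display;\??\c:\path\x.tmp --> c:\path\x.tmp [?]
# R/S = running/stopped, digit = service start type (0 boot .. 4 disabled),
# "[?]" means ComboFix could not find or stat the image file.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?) \[(?P<stamp>[^\]]*)\]\s*$"
)
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)\s*$')
DEFAULT_BOOTEXECUTE = "autocheck autochk *"   # the stock XP value


@dataclass
class Service:
    name: str
    display: str
    running: bool
    start_type: int
    image: str        # normalised, lower-case path
    file_seen: bool   # False when ComboFix printed "[?]"


def normalise_image(raw: str) -> str:
    """Keep the resolved right-hand side of 'a --> b' and drop the \\??\\ prefix."""
    if "-->" in raw:
        raw = raw.split("-->", 1)[1]
    return raw.strip().lower().removeprefix("\\??\\")


def parse_services(lines):
    services = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(
                name=m["name"], display=m["display"],
                running=m["state"] == "R", start_type=int(m["start"]),
                image=normalise_image(m["image"]),
                file_seen=m["stamp"].strip() != "?",
            ))
    return services


def parse_registry(lines):
    """Return {key (lower-case): {value_name: value_text}} for the REGEDIT4-style blocks."""
    reg, key = {}, None
    for line in lines:
        line = line.strip()
        km = REG_KEY_RE.match(line)
        if km:
            key = km["key"].lower()
            reg.setdefault(key, {})
            continue
        if key is None:
            continue
        vm = REG_VAL_RE.match(line)
        if vm:
            reg[key][vm["name"]] = vm["value"]
        elif line.startswith("BootExecute"):
            # "BootExecute REG_MULTI_SZ <entries joined by literal \0>"
            reg[key]["BootExecute"] = line.split(None, 2)[2]
    return reg


def triage(lines):
    """Return (subject, reason) pairs worth a second look.  Review hints only:
    Norton keeps real definition drivers under Application Data, and removal
    tools commonly leave a .tmp-backed driver service behind."""
    findings = []
    for svc in parse_services(lines):
        if not svc.file_seen:
            findings.append((svc.name, f"image file not found at scan time: {svc.image}"))
        if svc.image.endswith(".tmp") or "\\temp\\" in svc.image:
            findings.append((svc.name, f"service image is a temp file: {svc.image}"))
        if svc.image.endswith(".sys") and "\\documents and settings\\" in svc.image:
            findings.append((svc.name, f"kernel driver loaded from a user-data path: {svc.image}"))
    for key, values in parse_registry(lines).items():
        if key.endswith("firewallpolicy\\standardprofile") and \
                values.get("EnableFirewall", "").startswith("0"):
            findings.append(("EnableFirewall", "Windows Firewall standard profile is off"))
        for entry in values.get("BootExecute", "").split(r"\0"):
            if entry and entry != DEFAULT_BOOTEXECUTE:
                findings.append(("BootExecute", f"extra pre-logon entry: {entry}"))
    return findings


if __name__ == "__main__":
    for subject, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{subject:15} {reason}")
```

On the sample above the script reports BHDrvx86 (driver under Application Data), MEMSWEEP2 twice (image not found, image is a .tmp), the extra BootExecute entry sasnative32, and EnableFirewall=0. To run it over a full ComboFix log, pass the file's lines to `triage()` instead of `SAMPLE_LOG`; the HijackThis "R1 - HKCU..." lines do not match the service pattern and are ignored.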

OK, that simply means something is ignoring the shutdown/kill signal.

Do you get any "End Now" prompts?

Please redownload ComboFix and do the following.

Go to Start, then Run, then type in Combofix /uninstall and hit OK.

This will properly uninstall ComboFix.

Then reboot and see if the problem persists.

