Issues With Facebook ...[INACTIVE]

[JoshLyman]

hey been having a problem with FB and BT himself said i should post some logs in here to see if i was infected ...

MBAM said was clean since problem started.

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows Vista . (6.0.6001) Service Pack 1

[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel

.

[wscsvc] (Security Center) RUNNING (state:4)

[MpsSvc] RUNNING (state:4)

Windows Firewall -> Enabled

Windows Defender -> Enabled

User Account Control (UAC) -> Disabled !

.

Internet Explorer 7.0.6001.18000

Mozilla Firefox 3.5.1 (en-GB)

.

C:\ [Fixed-NTFS] .. ( Total:138 Go - Free:50 Go )

D:\ [Fixed-NTFS] .. ( Total:149 Go - Free:148 Go )

E:\ [Fixed-NTFS] .. ( Total:9 Go - Free:6 Go )

F:\ [CD_Rom]

.

Scan : 00:24.35

Path : C:\Users\Big Si\Downloads\Rooter.exe

User : Big Si ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

Locked System (4)

______ \SystemRoot\System32\smss.exe (464)

______ C:\Windows\system32\csrss.exe (532)

______ C:\Windows\system32\wininit.exe (576)

______ C:\Windows\system32\csrss.exe (588)

______ C:\Windows\system32\winlogon.exe (648)

______ C:\Windows\system32\services.exe (668)

______ C:\Windows\system32\lsass.exe (680)

______ C:\Windows\system32\lsm.exe (692)

______ C:\Windows\system32\svchost.exe (912)

______ C:\Windows\system32\svchost.exe (980)

______ ?? (1028)

______ C:\Windows\system32\svchost.exe (1148)

______ C:\Windows\System32\svchost.exe (1168)

______ C:\Windows\System32\svchost.exe (1228)

______ C:\Windows\System32\svchost.exe (1276)

______ C:\Windows\system32\svchost.exe (1320)

Locked audiodg.exe (1432)

______ C:\Windows\system32\svchost.exe (1532)

______ C:\Windows\system32\SLsvc.exe (1596)

______ C:\Windows\system32\svchost.exe (1652)

______ C:\Windows\System32\spoolsv.exe (2040)

______ C:\Windows\system32\svchost.exe (260)

______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1240)

______ C:\Windows\system32\svchost.exe (1868)

______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (920)

______ C:\Program Files\Spyware Doctor\pctsAuxs.exe (2224)

______ C:\Program Files\Spyware Doctor\pctsSvc.exe (2256)

______ C:\Windows\system32\svchost.exe (2308)

______ C:\Windows\System32\svchost.exe (2340)

______ C:\Windows\system32\SearchIndexer.exe (2392)

______ C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (2640)

______ C:\Windows\system32\taskeng.exe (3700)

______ C:\Windows\system32\Dwm.exe (3820)

______ C:\Windows\Explorer.EXE (3860)

______ C:\Windows\RtHDVCpl.exe (3144)

______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (3196)

______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (3204)

______ C:\Program Files\AVG\AVG8\avgtray.exe (3228)

______ C:\Windows\System32\hkcmd.exe (848)

______ C:\Windows\System32\igfxpers.exe (2416)

______ C:\Windows\system32\igfxsrvc.exe (1612)

______ ?? (3636)

______ C:\Program Files\Java\jre6\bin\jusched.exe (948)

______ C:\Program Files\Spyware Doctor\pctsTray.exe (1312)

______ C:\Users\Big Si\AppData\Local\Google\Update\GoogleUpdate.exe (4012)

______ C:\Program Files\Windows Media Player\wmpnscfg.exe (3724)

______ C:\Windows\system32\wbem\unsecapp.exe (1156)

______ C:\Windows\system32\wbem\wmiprvse.exe (1604)

______ C:\Program Files\Windows Media Player\wmpnetwk.exe (2676)

______ C:\Windows\System32\mobsync.exe (4072)

______ C:\Program Files\Mozilla Firefox\firefox.exe (2632)

______ C:\Windows\system32\wuauclt.exe (2604)

______ C:\Windows\system32\cmd.exe (3628)

______ C:\Windows\system32\svchost.exe (2488)

______ C:\Windows\system32\SearchProtocolHost.exe (2512)

______ C:\Windows\system32\SearchFilterHost.exe (2932)

______ C:\Users\Big Si\Downloads\Rooter.exe (1184)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)

\Device\Harddisk0\Partition2 (Start_Offset:50331648 | Length:10737418240)

\Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:10787749888 | Length:149210267648)

.

----------------------\\ Scheduled Tasks

.

C:\Windows\Tasks\desktop.ini

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-505280420-2691023175-4179455115-1000.job

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-505280420-2691023175-4179455115-1000Core.job

C:\Windows\Tasks\Norton Security Scan for Big Si.job

C:\Windows\Tasks\SA.DAT

C:\Windows\Tasks\SCHEDLGU.TXT

C:\Windows\Tasks\User_Feed_Synchronization-{E2CE5761-1AA0-474D-B0F4-3BA691DE2C0E}.job

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 00:25.11

.

C:\Rooter$\Rooter_1.txt - (25/07/2009 | 00:25.11)

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/07/25 00:34

Program Version: Version 1.3.2.0

Windows Version: Windows Vista SP1

==================================================

SSDT

-------------------

#: 000 Function Name: NtAcceptConnectPort

Status: Not hooked

#: 001 Function Name: NtAccessCheck

Status: Not hooked

#: 002 Function Name: NtAccessCheckAndAuditAlarm

Status: Not hooked

#: 003 Function Name: NtAccessCheckByType

Status: Not hooked

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm

Status: Not hooked

#: 005 Function Name: NtAccessCheckByTypeResultList

Status: Not hooked

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm

Status: Not hooked

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle

Status: Not hooked

#: 008 Function Name: NtAddAtom

Status: Not hooked

#: 009 Function Name: NtAddBootEntry

Status: Not hooked

#: 010 Function Name: NtAddDriverEntry

Status: Not hooked

#: 011 Function Name: NtAdjustGroupsToken

Status: Not hooked

#: 012 Function Name: NtAdjustPrivilegesToken

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd82472

#: 013 Function Name: NtAlertResumeThread

Status: Not hooked

#: 014 Function Name: NtAlertThread

Status: Not hooked

#: 015 Function Name: NtAllocateLocallyUniqueId

Status: Not hooked

#: 016 Function Name: NtAllocateUserPhysicalPages

Status: Not hooked

#: 017 Function Name: NtAllocateUuids

Status: Not hooked

#: 018 Function Name: NtAllocateVirtualMemory

Status: Not hooked

#: 019 Function Name: NtAlpcAcceptConnectPort

Status: Not hooked

#: 020 Function Name: NtAlpcCancelMessage

Status: Not hooked

#: 021 Function Name: NtAlpcConnectPort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd83340

#: 022 Function Name: NtAlpcCreatePort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd828a6

#: 023 Function Name: NtAlpcCreatePortSection

Status: Not hooked

#: 024 Function Name: NtAlpcCreateResourceReserve

Status: Not hooked

#: 025 Function Name: NtAlpcCreateSectionView

Status: Not hooked

#: 026 Function Name: NtAlpcCreateSecurityContext

Status: Not hooked

#: 027 Function Name: NtAlpcDeletePortSection

Status: Not hooked

#: 028 Function Name: NtAlpcDeleteResourceReserve

Status: Not hooked

#: 029 Function Name: NtAlpcDeleteSectionView

Status: Not hooked

#: 030 Function Name: NtAlpcDeleteSecurityContext

Status: Not hooked

#: 031 Function Name: NtAlpcDisconnectPort

Status: Not hooked

#: 032 Function Name: NtAlpcImpersonateClientOfPort

Status: Not hooked

#: 033 Function Name: NtAlpcOpenSenderProcess

Status: Not hooked

#: 034 Function Name: NtAlpcOpenSenderThread

Status: Not hooked

#: 035 Function Name: NtAlpcQueryInformation

Status: Not hooked

#: 036 Function Name: NtAlpcQueryInformationMessage

Status: Not hooked

#: 037 Function Name: NtAlpcRevokeSecurityContext

Status: Not hooked

#: 038 Function Name: NtAlpcSendWaitReceivePort

Status: Not hooked

#: 039 Function Name: NtAlpcSetInformation

Status: Not hooked

#: 040 Function Name: NtApphelpCacheControl

Status: Not hooked

#: 041 Function Name: NtAreMappedFilesTheSame

Status: Not hooked

#: 042 Function Name: NtAssignProcessToJobObject

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c642cd6

#: 043 Function Name: NtCallbackReturn

Status: Not hooked

#: 044 Function Name: NtRequestDeviceWakeup

Status: Not hooked

#: 045 Function Name: NtCancelIoFile

Status: Not hooked

#: 046 Function Name: NtCancelTimer

Status: Not hooked

#: 047 Function Name: NtClearEvent

Status: Not hooked

#: 048 Function Name: NtClose

Status: Not hooked

#: 049 Function Name: NtCloseObjectAuditAlarm

Status: Not hooked

#: 050 Function Name: NtCompactKeys

Status: Not hooked

#: 051 Function Name: NtCompareTokens

Status: Not hooked

#: 052 Function Name: NtCompleteConnectPort

Status: Not hooked

#: 053 Function Name: NtCompressKey

Status: Not hooked

#: 054 Function Name: NtConnectPort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd817ea

#: 055 Function Name: NtContinue

Status: Not hooked

#: 056 Function Name: NtCreateDebugObject

Status: Not hooked

#: 057 Function Name: NtCreateDirectoryObject

Status: Not hooked

#: 058 Function Name: NtCreateEvent

Status: Not hooked

#: 059 Function Name: NtCreateEventPair

Status: Not hooked

#: 060 Function Name: NtCreateFile

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c64338c

#: 061 Function Name: NtCreateIoCompletion

Status: Not hooked

#: 062 Function Name: NtCreateJobObject

Status: Not hooked

#: 063 Function Name: NtCreateJobSet

Status: Not hooked

#: 064 Function Name: NtCreateKey

Status: Not hooked

#: 065 Function Name: NtCreateKeyTransacted

Status: Not hooked

#: 066 Function Name: NtCreateMailslotFile

Status: Not hooked

#: 067 Function Name: NtCreateMutant

Status: Not hooked

#: 068 Function Name: NtCreateNamedPipeFile

Status: Not hooked

#: 069 Function Name: NtCreatePrivateNamespace

Status: Not hooked

#: 070 Function Name: NtCreatePagingFile

Status: Not hooked

#: 071 Function Name: NtCreatePort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd81544

#: 072 Function Name: NtCreateProcess

Status: Not hooked

#: 073 Function Name: NtCreateProcessEx

Status: Not hooked

#: 074 Function Name: NtCreateProfile

Status: Not hooked

#: 075 Function Name: NtCreateSection

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd81e84

#: 076 Function Name: NtCreateSemaphore

Status: Not hooked

#: 077 Function Name: NtCreateSymbolicLinkObject

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd82658

#: 078 Function Name: NtCreateThread

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd81112

#: 079 Function Name: NtCreateTimer

Status: Not hooked

#: 080 Function Name: NtCreateToken

Status: Not hooked

#: 081 Function Name: NtCreateTransaction

Status: Not hooked

#: 082 Function Name: NtOpenTransaction

Status: Not hooked

#: 083 Function Name: NtQueryInformationTransaction

Status: Not hooked

#: 084 Function Name: NtQueryInformationTransactionManager

Status: Not hooked

#: 085 Function Name: NtPrePrepareEnlistment

Status: Not hooked

#: 086 Function Name: NtPrepareEnlistment

Status: Not hooked

#: 087 Function Name: NtCommitEnlistment

Status: Not hooked

#: 088 Function Name: NtReadOnlyEnlistment

Status: Not hooked

#: 089 Function Name: NtRollbackComplete

Status: Not hooked

#: 090 Function Name: NtRollbackEnlistment

Status: Not hooked

#: 091 Function Name: NtCommitTransaction

Status: Not hooked

#: 092 Function Name: NtRollbackTransaction

Status: Not hooked

#: 093 Function Name: NtPrePrepareComplete

Status: Not hooked

#: 094 Function Name: NtPrepareComplete

Status: Not hooked

#: 095 Function Name: NtCommitComplete

Status: Not hooked

#: 096 Function Name: NtSinglePhaseReject

Status: Not hooked

#: 097 Function Name: NtSetInformationTransaction

Status: Not hooked

#: 098 Function Name: NtSetInformationTransactionManager

Status: Not hooked

#: 099 Function Name: NtSetInformationResourceManager

Status: Not hooked

#: 100 Function Name: NtCreateTransactionManager

Status: Not hooked

#: 101 Function Name: NtOpenTransactionManager

Status: Not hooked

#: 102 Function Name: NtRenameTransactionManager

Status: Not hooked

#: 103 Function Name: NtRollforwardTransactionManager

Status: Not hooked

#: 104 Function Name: NtRecoverEnlistment

Status: Not hooked

#: 105 Function Name: NtRecoverResourceManager

Status: Not hooked

#: 106 Function Name: NtRecoverTransactionManager

Status: Not hooked

#: 107 Function Name: NtCreateResourceManager

Status: Not hooked

#: 108 Function Name: NtOpenResourceManager

Status: Not hooked

#: 109 Function Name: NtGetNotificationResourceManager

Status: Not hooked

#: 110 Function Name: NtQueryInformationResourceManager

Status: Not hooked

#: 111 Function Name: NtCreateEnlistment

Status: Not hooked

#: 112 Function Name: NtOpenEnlistment

Status: Not hooked

#: 113 Function Name: NtSetInformationEnlistment

Status: Not hooked

#: 114 Function Name: NtQueryInformationEnlistment

Status: Not hooked

#: 115 Function Name: NtCreateWaitablePort

Status: Not hooked

#: 116 Function Name: NtDebugActiveProcess

Status: Not hooked

#: 117 Function Name: NtDebugContinue

Status: Not hooked

#: 118 Function Name: NtDelayExecution

Status: Not hooked

#: 119 Function Name: NtDeleteAtom

Status: Not hooked

#: 120 Function Name: NtDeleteBootEntry

Status: Not hooked

#: 121 Function Name: NtDeleteDriverEntry

Status: Not hooked

#: 122 Function Name: NtDeleteFile

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c643504

#: 123 Function Name: NtDeleteKey

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c646cb8

#: 124 Function Name: NtDeletePrivateNamespace

Status: Not hooked

#: 125 Function Name: NtDeleteObjectAuditAlarm

Status: Not hooked

#: 126 Function Name: NtDeleteValueKey

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c646cf6

#: 127 Function Name: NtDeviceIoControlFile

Status: Not hooked

#: 128 Function Name: NtDisplayString

Status: Not hooked

#: 129 Function Name: NtDuplicateObject

Status: Not hooked

#: 130 Function Name: NtDuplicateToken

Status: Not hooked

#: 131 Function Name: NtEnumerateBootEntries

Status: Not hooked

#: 132 Function Name: NtEnumerateDriverEntries

Status: Not hooked

#: 133 Function Name: NtEnumerateKey

Status: Not hooked

#: 134 Function Name: NtEnumerateSystemEnvironmentValuesEx

Status: Not hooked

#: 135 Function Name: NtEnumerateTransactionObject

Status: Not hooked

#: 136 Function Name: NtEnumerateValueKey

Status: Not hooked

#: 137 Function Name: NtExtendSection

Status: Not hooked

#: 138 Function Name: NtFilterToken

Status: Not hooked

#: 139 Function Name: NtFindAtom

Status: Not hooked

#: 140 Function Name: NtFlushBuffersFile

Status: Not hooked

#: 141 Function Name: NtFlushInstructionCache

Status: Not hooked

#: 142 Function Name: NtFlushKey

Status: Not hooked

#: 143 Function Name: NtFlushProcessWriteBuffers

Status: Not hooked

#: 144 Function Name: NtFlushVirtualMemory

Status: Not hooked

#: 145 Function Name: NtFlushWriteBuffer

Status: Not hooked

#: 146 Function Name: NtFreeUserPhysicalPages

Status: Not hooked

#: 147 Function Name: NtFreeVirtualMemory

Status: Not hooked

#: 148 Function Name: NtFreezeRegistry

Status: Not hooked

#: 149 Function Name: NtFreezeTransactions

Status: Not hooked

#: 150 Function Name: NtFsControlFile

Status: Not hooked

#: 151 Function Name: NtGetContextThread

Status: Not hooked

#: 152 Function Name: NtGetDevicePowerState

Status: Not hooked

#: 153 Function Name: NtGetNlsSectionPtr

Status: Not hooked

#: 154 Function Name: NtGetPlugPlayEvent

Status: Not hooked

#: 155 Function Name: NtGetWriteWatch

Status: Not hooked

#: 156 Function Name: NtImpersonateAnonymousToken

Status: Not hooked

#: 157 Function Name: NtImpersonateClientOfPort

Status: Not hooked

#: 158 Function Name: NtImpersonateThread

Status: Not hooked

#: 159 Function Name: NtInitializeNlsFiles

Status: Not hooked

#: 160 Function Name: NtInitializeRegistry

Status: Not hooked

#: 161 Function Name: NtInitiatePowerAction

Status: Not hooked

#: 162 Function Name: NtIsProcessInJob

Status: Not hooked

#: 163 Function Name: NtIsSystemResumeAutomatic

Status: Not hooked

#: 164 Function Name: NtListenPort

Status: Not hooked

#: 165 Function Name: NtLoadDriver

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd82fc2

#: 166 Function Name: NtLoadKey

Status: Not hooked

#: 167 Function Name: NtLoadKey2

Status: Not hooked

#: 168 Function Name: NtLoadKeyEx

Status: Not hooked

#: 169 Function Name: NtLockFile

Status: Not hooked

#: 170 Function Name: NtLockProductActivationKeys

Status: Not hooked

#: 171 Function Name: NtLockRegistryKey

Status: Not hooked

#: 172 Function Name: NtLockVirtualMemory

Status: Not hooked

#: 173 Function Name: NtMakePermanentObject

Status: Not hooked

#: 174 Function Name: NtMakeTemporaryObject

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd81a6e

#: 175 Function Name: NtMapUserPhysicalPages

Status: Not hooked

#: 176 Function Name: NtMapUserPhysicalPagesScatter

Status: Not hooked

#: 177 Function Name: NtMapViewOfSection

Status: Not hooked

#: 178 Function Name: NtModifyBootEntry

Status: Not hooked

#: 179 Function Name: NtModifyDriverEntry

Status: Not hooked

#: 180 Function Name: NtNotifyChangeDirectoryFile

Status: Not hooked

#: 181 Function Name: NtNotifyChangeKey

Status: Not hooked

#: 182 Function Name: NtNotifyChangeMultipleKeys

Status: Not hooked

#: 183 Function Name: NtOpenDirectoryObject

Status: Not hooked

#: 184 Function Name: NtOpenEvent

Status: Not hooked

#: 185 Function Name: NtOpenEventPair

Status: Not hooked

#: 186 Function Name: NtOpenFile

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c643450

#: 187 Function Name: NtOpenIoCompletion

Status: Not hooked

#: 188 Function Name: NtOpenJobObject

Status: Not hooked

#: 189 Function Name: NtOpenKey

Status: Not hooked

#: 190 Function Name: NtOpenKeyTransacted

Status: Not hooked

#: 191 Function Name: NtOpenMutant

Status: Not hooked

#: 192 Function Name: NtOpenPrivateNamespace

Status: Not hooked

#: 193 Function Name: NtOpenObjectAuditAlarm

Status: Not hooked

#: 194 Function Name: NtOpenProcess

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c642e0e

#: 195 Function Name: NtOpenProcessToken

Status: Not hooked

#: 196 Function Name: NtOpenProcessTokenEx

Status: Not hooked

#: 197 Function Name: NtOpenSection

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd81cfe

#: 198 Function Name: NtOpenSemaphore

Status: Not hooked

#: 199 Function Name: NtOpenSession

Status: Not hooked

#: 200 Function Name: NtOpenSymbolicLinkObject

Status: Not hooked

#: 201 Function Name: NtOpenThread

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c642fbc

#: 202 Function Name: NtOpenThreadToken

Status: Not hooked

#: 203 Function Name: NtOpenThreadTokenEx

Status: Not hooked

#: 204 Function Name: NtOpenTimer

Status: Not hooked

#: 205 Function Name: NtPlugPlayControl

Status: Not hooked

#: 206 Function Name: NtPowerInformation

Status: Not hooked

#: 207 Function Name: NtPrivilegeCheck

Status: Not hooked

#: 208 Function Name: NtPrivilegeObjectAuditAlarm

Status: Not hooked

#: 209 Function Name: NtPrivilegedServiceAuditAlarm

Status: Not hooked

#: 210 Function Name: NtProtectVirtualMemory

Status: Not hooked

#: 211 Function Name: NtPulseEvent

Status: Not hooked

#: 212 Function Name: NtQueryAttributesFile

Status: Not hooked

#: 213 Function Name: NtQueryBootEntryOrder

Status: Not hooked

#: 214 Function Name: NtQueryBootOptions

Status: Not hooked

#: 215 Function Name: NtQueryDebugFilterState

Status: Not hooked

#: 216 Function Name: NtQueryDefaultLocale

Status: Not hooked

#: 217 Function Name: NtQueryDefaultUILanguage

Status: Not hooked

#: 218 Function Name: NtQueryDirectoryFile

Status: Not hooked

#: 219 Function Name: NtQueryDirectoryObject

Status: Not hooked

#: 220 Function Name: NtQueryDriverEntryOrder

Status: Not hooked

#: 221 Function Name: NtQueryEaFile

Status: Not hooked

#: 222 Function Name: NtQueryEvent

Status: Not hooked

#: 223 Function Name: NtQueryFullAttributesFile

Status: Not hooked

#: 224 Function Name: NtQueryInformationAtom

Status: Not hooked

#: 225 Function Name: NtQueryInformationFile

Status: Not hooked

#: 226 Function Name: NtQueryInformationJobObject

Status: Not hooked

#: 227 Function Name: NtQueryInformationPort

Status: Not hooked

#: 228 Function Name: NtQueryInformationProcess

Status: Not hooked

#: 229 Function Name: NtQueryInformationThread

Status: Not hooked

#: 230 Function Name: NtQueryInformationToken

Status: Not hooked

#: 231 Function Name: NtQueryInstallUILanguage

Status: Not hooked

#: 232 Function Name: NtQueryIntervalProfile

Status: Not hooked

#: 233 Function Name: NtQueryIoCompletion

Status: Not hooked

#: 234 Function Name: NtQueryKey

Status: Not hooked

#: 235 Function Name: NtQueryMultipleValueKey

Status: Not hooked

#: 236 Function Name: NtQueryMutant

Status: Not hooked

#: 237 Function Name: NtQueryObject

Status: Not hooked

#: 238 Function Name: NtQueryOpenSubKeys

Status: Not hooked

#: 239 Function Name: NtQueryOpenSubKeysEx

Status: Not hooked

#: 240 Function Name: NtQueryPerformanceCounter

Status: Not hooked

#: 241 Function Name: NtQueryQuotaInformationFile

Status: Not hooked

#: 242 Function Name: NtQuerySection

Status: Not hooked

#: 243 Function Name: NtQuerySecurityObject

Status: Not hooked

#: 244 Function Name: NtQuerySemaphore

Status: Not hooked

#: 245 Function Name: NtQuerySymbolicLinkObject

Status: Not hooked

#: 246 Function Name: NtQuerySystemEnvironmentValue

Status: Not hooked

#: 247 Function Name: NtQuerySystemEnvironmentValueEx

Status: Not hooked

#: 248 Function Name: NtQuerySystemInformation

Status: Not hooked

#: 249 Function Name: NtQuerySystemTime

Status: Not hooked

#: 250 Function Name: NtQueryTimer

Status: Not hooked

#: 251 Function Name: NtQueryTimerResolution

Status: Not hooked

#: 252 Function Name: NtQueryValueKey

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c646dfa

#: 253 Function Name: NtQueryVirtualMemory

Status: Not hooked

#: 254 Function Name: NtQueryVolumeInformationFile

Status: Not hooked

#: 255 Function Name: NtQueueApcThread

Status: Not hooked

#: 256 Function Name: NtRaiseException

Status: Not hooked

#: 257 Function Name: NtRaiseHardError

Status: Not hooked

#: 258 Function Name: NtReadFile

Status: Not hooked

#: 259 Function Name: NtReadFileScatter

Status: Not hooked

#: 260 Function Name: NtReadRequestData

Status: Not hooked

#: 261 Function Name: NtReadVirtualMemory

Status: Not hooked

#: 262 Function Name: NtRegisterThreadTerminatePort

Status: Not hooked

#: 263 Function Name: NtReleaseMutant

Status: Not hooked

#: 264 Function Name: NtReleaseSemaphore

Status: Not hooked

#: 265 Function Name: NtRemoveIoCompletion

Status: Not hooked

#: 266 Function Name: NtRemoveProcessDebug

Status: Not hooked

#: 267 Function Name: NtRenameKey

Status: Not hooked

#: 268 Function Name: NtReplaceKey

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c646d7e

#: 269 Function Name: NtReplacePartitionUnit

Status: Not hooked

#: 270 Function Name: NtReplyPort

Status: Not hooked

#: 271 Function Name: NtReplyWaitReceivePort

Status: Not hooked

#: 272 Function Name: NtReplyWaitReceivePortEx

Status: Not hooked

#: 273 Function Name: NtReplyWaitReplyPort

Status: Not hooked

#: 274 Function Name: NtRequestDeviceWakeup

Status: Not hooked

#: 275 Function Name: NtRequestPort

Status: Not hooked

#: 276 Function Name: NtRequestWaitReplyPort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd81662

#: 277 Function Name: NtRequestWakeupLatency

Status: Not hooked

#: 278 Function Name: NtResetEvent

Status: Not hooked

#: 279 Function Name: NtResetWriteWatch

Status: Not hooked

#: 280 Function Name: NtRestoreKey

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c646dbc

#: 281 Function Name: NtResumeProcess

Status: Not hooked

#: 282 Function Name: NtResumeThread

Status: Not hooked

#: 283 Function Name: NtSaveKey

Status: Not hooked

#: 284 Function Name: NtSaveKeyEx

Status: Not hooked

#: 285 Function Name: NtSaveMergedKeys

Status: Not hooked

#: 286 Function Name: NtSecureConnectPort

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd82d5e

#: 287 Function Name: NtSetBootEntryOrder

Status: Not hooked

#: 288 Function Name: NtSetBootOptions

Status: Not hooked

#: 289 Function Name: NtSetContextThread

Status: Not hooked

#: 290 Function Name: NtSetDebugFilterState

Status: Not hooked

#: 291 Function Name: NtSetDefaultHardErrorPort

Status: Not hooked

#: 292 Function Name: NtSetDefaultLocale

Status: Not hooked

#: 293 Function Name: NtSetDefaultUILanguage

Status: Not hooked

#: 294 Function Name: NtSetDriverEntryOrder

Status: Not hooked

#: 295 Function Name: NtSetEaFile

Status: Not hooked

#: 296 Function Name: NtSetEvent

Status: Not hooked

#: 297 Function Name: NtSetEventBoostPriority

Status: Not hooked

#: 298 Function Name: NtSetHighEventPair

Status: Not hooked

#: 299 Function Name: NtSetHighWaitLowEventPair

Status: Not hooked

#: 300 Function Name: NtSetInformationDebugObject

Status: Not hooked

#: 301 Function Name: NtSetInformationFile

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c643572

#: 302 Function Name: NtSetInformationJobObject

Status: Not hooked

#: 303 Function Name: NtSetInformationKey

Status: Not hooked

#: 304 Function Name: NtSetInformationObject

Status: Not hooked

#: 305 Function Name: NtSetInformationProcess

Status: Not hooked

#: 306 Function Name: NtSetInformationThread

Status: Not hooked

#: 307 Function Name: NtSetInformationToken

Status: Not hooked

#: 308 Function Name: NtSetIntervalProfile

Status: Not hooked

#: 309 Function Name: NtSetIoCompletion

Status: Not hooked

#: 310 Function Name: NtSetLdtEntries

Status: Not hooked

#: 311 Function Name: NtSetLowEventPair

Status: Not hooked

#: 312 Function Name: NtSetLowWaitHighEventPair

Status: Not hooked

#: 313 Function Name: NtSetQuotaInformationFile

Status: Not hooked

#: 314 Function Name: NtSetSecurityObject

Status: Not hooked

#: 315 Function Name: NtSetSystemEnvironmentValue

Status: Not hooked

#: 316 Function Name: NtSetSystemEnvironmentValueEx

Status: Not hooked

#: 317 Function Name: NtSetSystemInformation

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd83170

#: 318 Function Name: NtSetSystemPowerState

Status: Not hooked

#: 319 Function Name: NtSetSystemTime

Status: Not hooked

#: 320 Function Name: NtSetThreadExecutionState

Status: Not hooked

#: 321 Function Name: NtSetTimer

Status: Not hooked

#: 322 Function Name: NtSetTimerResolution

Status: Not hooked

#: 323 Function Name: NtSetUuidSeed

Status: Not hooked

#: 324 Function Name: NtSetValueKey

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c646c4c

#: 325 Function Name: NtSetVolumeInformationFile

Status: Not hooked

#: 326 Function Name: NtShutdownSystem

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd81a08

#: 327 Function Name: NtSignalAndWaitForSingleObject

Status: Not hooked

#: 328 Function Name: NtStartProfile

Status: Not hooked

#: 329 Function Name: NtStopProfile

Status: Not hooked

#: 330 Function Name: NtSuspendProcess

Status: Not hooked

#: 331 Function Name: NtSuspendThread

Status: Not hooked

#: 332 Function Name: NtSystemDebugControl

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd81bf2

#: 333 Function Name: NtTerminateJobObject

Status: Not hooked

#: 334 Function Name: NtTerminateProcess

Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x8c642b5a

#: 335 Function Name: NtTerminateThread

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd812dc

#: 336 Function Name: NtTestAlert

Status: Not hooked

#: 337 Function Name: NtThawRegistry

Status: Not hooked

#: 338 Function Name: NtThawTransactions

Status: Not hooked

#: 339 Function Name: NtTraceEvent

Status: Not hooked

#: 340 Function Name: NtTraceControl

Status: Not hooked

#: 341 Function Name: NtTranslateFilePath

Status: Not hooked

#: 342 Function Name: NtUnloadDriver

Status: Not hooked

#: 343 Function Name: NtUnloadKey

Status: Not hooked

#: 344 Function Name: NtUnloadKey2

Status: Not hooked

#: 345 Function Name: NtUnloadKeyEx

Status: Not hooked

#: 346 Function Name: NtUnlockFile

Status: Not hooked

#: 347 Function Name: NtUnlockVirtualMemory

Status: Not hooked

#: 348 Function Name: NtUnmapViewOfSection

Status: Not hooked

#: 349 Function Name: NtVdmControl

Status: Not hooked

#: 350 Function Name: NtWaitForDebugEvent

Status: Not hooked

#: 351 Function Name: NtWaitForMultipleObjects

Status: Not hooked

#: 352 Function Name: NtWaitForSingleObject

Status: Not hooked

#: 353 Function Name: NtWaitHighEventPair

Status: Not hooked

#: 354 Function Name: NtWaitLowEventPair

Status: Not hooked

#: 355 Function Name: NtWriteFile

Status: Not hooked

#: 356 Function Name: NtWriteFileGather

Status: Not hooked

#: 357 Function Name: NtWriteRequestData

Status: Not hooked

#: 358 Function Name: NtWriteVirtualMemory

Status: Not hooked

#: 359 Function Name: NtYieldExecution

Status: Not hooked

#: 360 Function Name: NtCreateKeyedEvent

Status: Not hooked

#: 361 Function Name: NtOpenKeyedEvent

Status: Not hooked

#: 362 Function Name: NtReleaseKeyedEvent

Status: Not hooked

#: 363 Function Name: NtWaitForKeyedEvent

Status: Not hooked

#: 364 Function Name: NtQueryPortInformationProcess

Status: Not hooked

#: 365 Function Name: NtGetCurrentProcessorNumber

Status: Not hooked

#: 366 Function Name: NtWaitForMultipleObjects32

Status: Not hooked

#: 367 Function Name: NtGetNextProcess

Status: Not hooked

#: 368 Function Name: NtGetNextThread

Status: Not hooked

#: 369 Function Name: NtCancelIoFileEx

Status: Not hooked

#: 370 Function Name: NtCancelSynchronousIoFile

Status: Not hooked

#: 371 Function Name: NtRemoveIoCompletionEx

Status: Not hooked

#: 372 Function Name: NtRegisterProtocolAddressInformation

Status: Not hooked

#: 373 Function Name: NtPropagationComplete

Status: Not hooked

#: 374 Function Name: NtPropagationFailed

Status: Not hooked

#: 375 Function Name: NtCreateWorkerFactory

Status: Not hooked

#: 376 Function Name: NtReleaseWorkerFactoryWorker

Status: Not hooked

#: 377 Function Name: NtWaitForWorkViaWorkerFactory

Status: Not hooked

#: 378 Function Name: NtSetInformationWorkerFactory

Status: Not hooked

#: 379 Function Name: NtQueryInformationWorkerFactory

Status: Not hooked

#: 380 Function Name: NtWorkerFactoryWorkerReady

Status: Not hooked

#: 381 Function Name: NtShutdownWorkerFactory

Status: Not hooked

#: 382 Function Name: NtCreateThreadEx

Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x8bd829b2

#: 383 Function Name: NtCreateUserProcess

Status: Not hooked

#: 384 Function Name: NtQueryLicenseValue

Status: Not hooked

#: 385 Function Name: NtMapCMFModule

Status: Not hooked

#: 386 Function Name: NtIsUILanguageComitted

Status: Not hooked

#: 387 Function Name: NtFlushInstallUILanguage

Status: Not hooked

#: 388 Function Name: NtGetMUIRegistryInfo

Status: Not hooked

#: 389 Function Name: NtAcquireCMFViewOwnership

Status: Not hooked

#: 390 Function Name: NtReleaseCMFViewOwnership

Status: Not hooked

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/07/25 00:34

Program Version: Version 1.3.2.0

Windows Version: Windows Vista SP1

==================================================

Drivers

-------------------

Name: acpi.sys

Image Path: C:\Windows\system32\drivers\acpi.sys

Address: 0x80694000 Size: 286720 File Visible: - Signed: -

Status: -

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x82812000 Size: 3903488 File Visible: - Signed: -

Status: -

Name: afd.sys

Image Path: C:\Windows\system32\drivers\afd.sys

Address: 0x8C318000 Size: 294912 File Visible: - Signed: -

Status: -

Name: atapi.sys

Image Path: C:\Windows\system32\drivers\atapi.sys

Address: 0x807A6000 Size: 32768 File Visible: - Signed: -

Status: -

Name: ataport.SYS

Image Path: C:\Windows\system32\drivers\ataport.SYS

Address: 0x807AE000 Size: 122880 File Visible: - Signed: -

Status: -

Name: ATMFD.DLL

Image Path: C:\Windows\System32\ATMFD.DLL

Address: 0x81900000 Size: 311296 File Visible: - Signed: -

Status: -

Name: avgldx86.sys

Image Path: C:\Windows\System32\Drivers\avgldx86.sys

Address: 0x8C6E5000 Size: 329088 File Visible: - Signed: -

Status: -

Name: avgmfx86.sys

Image Path: C:\Windows\System32\Drivers\avgmfx86.sys

Address: 0x8C6DF000 Size: 21120 File Visible: - Signed: -

Status: -

Name: Beep.SYS

Image Path: C:\Windows\System32\Drivers\Beep.SYS

Address: 0x8BFF7000 Size: 28672 File Visible: - Signed: -

Status: -

Name: BOOTVID.dll

Image Path: C:\Windows\system32\BOOTVID.dll

Address: 0x80481000 Size: 32768 File Visible: - Signed: -

Status: -

Name: bowser.sys

Image Path: C:\Windows\system32\DRIVERS\bowser.sys

Address: 0xA899C000 Size: 102400 File Visible: - Signed: -

Status: -

Name: cdd.dll

Image Path: C:\Windows\System32\cdd.dll

Address: 0x818F0000 Size: 57344 File Visible: - Signed: -

Status: -

Name: cdfs.sys

Image Path: C:\Windows\system32\DRIVERS\cdfs.sys

Address: 0x8C736000 Size: 90112 File Visible: - Signed: -

Status: -

Name: cdrom.sys

Image Path: C:\Windows\system32\DRIVERS\cdrom.sys

Address: 0x8353B000 Size: 98304 File Visible: - Signed: -

Status: -

Name: CI.dll

Image Path: C:\Windows\system32\CI.dll

Address: 0x804CA000 Size: 917504 File Visible: - Signed: -

Status: -

Name: CLASSPNP.SYS

Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS

Address: 0x8379E000 Size: 135168 File Visible: - Signed: -

Status: -

Name: CLFS.SYS

Image Path: C:\Windows\system32\CLFS.SYS

Address: 0x80489000 Size: 266240 File Visible: - Signed: -

Status: -

Name: cmdguard.sys

Image Path: C:\Windows\System32\DRIVERS\cmdguard.sys

Address: 0x8BD7E000 Size: 126976 File Visible: - Signed: -

Status: -

Name: cmdhlp.sys

Image Path: C:\Windows\System32\DRIVERS\cmdhlp.sys

Address: 0x8C2FA000 Size: 40960 File Visible: - Signed: -

Status: -

Name: crashdmp.sys

Image Path: C:\Windows\System32\Drivers\crashdmp.sys

Address: 0x8C74C000 Size: 53248 File Visible: - Signed: -

Status: -

Name: crcdisk.sys

Image Path: C:\Windows\system32\drivers\crcdisk.sys

Address: 0x837BF000 Size: 36864 File Visible: - Signed: -

Status: -

Name: csc.sys

Image Path: C:\Windows\system32\drivers\csc.sys

Address: 0x8C66E000 Size: 368640 File Visible: - Signed: -

Status: -

Name: dfsc.sys

Image Path: C:\Windows\System32\Drivers\dfsc.sys

Address: 0x8C6C8000 Size: 94208 File Visible: - Signed: -

Status: -

Name: disk.sys

Image Path: C:\Windows\system32\drivers\disk.sys

Address: 0x8378D000 Size: 69632 File Visible: - Signed: -

Status: -

Name: drmk.sys

Image Path: C:\Windows\system32\drivers\drmk.sys

Address: 0x8BD59000 Size: 151552 File Visible: - Signed: -

Status: -

Name: dump_atapi.sys

Image Path: C:\Windows\System32\Drivers\dump_atapi.sys

Address: 0x8C764000 Size: 32768 File Visible: No Signed: -

Status: -

Name: dump_dumpata.sys

Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys

Address: 0x8C759000 Size: 45056 File Visible: No Signed: -

Status: -

Name: Dxapi.sys

Image Path: C:\Windows\System32\drivers\Dxapi.sys

Address: 0x8C76C000 Size: 40960 File Visible: - Signed: -

Status: -

Name: dxgkrnl.sys

Image Path: C:\Windows\System32\drivers\dxgkrnl.sys

Address: 0x8BACA000 Size: 651264 File Visible: - Signed: -

Status: -

Name: e1e6032.sys

Image Path: C:\Windows\system32\DRIVERS\e1e6032.sys

Address: 0x8BB76000 Size: 241664 File Visible: - Signed: -

Status: -

Name: ecache.sys

Image Path: C:\Windows\System32\drivers\ecache.sys

Address: 0x83766000 Size: 159744 File Visible: - Signed: -

Status: -

Name: fastfat.SYS

Image Path: C:\Windows\System32\Drivers\fastfat.SYS

Address: 0xA972C000 Size: 163840 File Visible: - Signed: -

Status: -

Name: fdc.sys

Image Path: C:\Windows\system32\DRIVERS\fdc.sys

Address: 0x83530000 Size: 45056 File Visible: - Signed: -

Status: -

Name: fileinfo.sys

Image Path: C:\Windows\system32\drivers\fileinfo.sys

Address: 0x805AA000 Size: 65536 File Visible: - Signed: -

Status: -

Name: fltmgr.sys

Image Path: C:\Windows\system32\drivers\fltmgr.sys

Address: 0x807CC000 Size: 204800 File Visible: - Signed: -

Status: -

Name: Fs_Rec.SYS

Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS

Address: 0x8BFE7000 Size: 36864 File Visible: - Signed: -

Status: -

Name: fwpkclnt.sys

Image Path: C:\Windows\System32\drivers\fwpkclnt.sys

Address: 0x834F4000 Size: 110592 File Visible: - Signed: -

Status: -

Name: hal.dll

Image Path: C:\Windows\system32\hal.dll

Address: 0x82BCB000 Size: 208896 File Visible: - Signed: -

Status: -

Name: HDAudBus.sys

Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys

Address: 0x8351E000 Size: 73728 File Visible: - Signed: -

Status: -

Name: HIDCLASS.SYS

Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS

Address: 0x8C2A7000 Size: 65536 File Visible: - Signed: -

Status: -

Name: HIDPARSE.SYS

Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS

Address: 0x8BD9D000 Size: 28672 File Visible: - Signed: -

Status: -

Name: hidusb.sys

Image Path: C:\Windows\system32\DRIVERS\hidusb.sys

Address: 0x8C29E000 Size: 36864 File Visible: - Signed: -

Status: -

Name: HTTP.sys

Image Path: C:\Windows\system32\drivers\HTTP.sys

Address: 0xA8914000 Size: 438272 File Visible: - Signed: -

Status: -

Name: igdkmd32.sys

Image Path: C:\Windows\system32\DRIVERS\igdkmd32.sys

Address: 0x8B40F000 Size: 7057408 File Visible: - Signed: -

Status: -

Name: ikfilesec.sys

Image Path: C:\Windows\system32\drivers\ikfilesec.sys

Address: 0x805BA000 Size: 57344 File Visible: - Signed: -

Status: -

Name: inspect.sys

Image Path: C:\Windows\system32\DRIVERS\inspect.sys

Address: 0x8C376000 Size: 77824 File Visible: - Signed: -

Status: -

Name: intelide.sys

Image Path: C:\Windows\system32\DRIVERS\intelide.sys

Address: 0x8077A000 Size: 28672 File Visible: - Signed: -

Status: -

Name: intelppm.sys

Image Path: C:\Windows\system32\DRIVERS\intelppm.sys

Address: 0x8350F000 Size: 61440 File Visible: - Signed: -

Status: -

Name: kbdclass.sys

Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys

Address: 0x8BCBB000 Size: 45056 File Visible: - Signed: -

Status: -

Name: kbdhid.sys

Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys

Address: 0x8C2B7000 Size: 36864 File Visible: - Signed: -

Status: -

Name: kdcom.dll

Image Path: C:\Windows\system32\kdcom.dll

Address: 0x80408000 Size: 32768 File Visible: - Signed: -

Status: -

Name: ks.sys

Image Path: C:\Windows\system32\DRIVERS\ks.sys

Address: 0x8BCD3000 Size: 172032 File Visible: - Signed: -

Status: -

Name: ksecdd.sys

Image Path: C:\Windows\System32\Drivers\ksecdd.sys

Address: 0x82E0F000 Size: 462848 File Visible: - Signed: -

Status: -

Name: lltdio.sys

Image Path: C:\Windows\system32\DRIVERS\lltdio.sys

Address: 0xA88BD000 Size: 65536 File Visible: - Signed: -

Status: -

Name: luafv.sys

Image Path: C:\Windows\system32\drivers\luafv.sys

Address: 0x8C785000 Size: 110592 File Visible: - Signed: -

Status: -

Name: mcupdate_GenuineIntel.dll

Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll

Address: 0x80410000 Size: 393216 File Visible: - Signed: -

Status: -

Name: monitor.sys

Image Path: C:\Windows\system32\DRIVERS\monitor.sys

Address: 0x8C776000 Size: 61440 File Visible: - Signed: -

Status: -

Name: mouclass.sys

Image Path: C:\Windows\system32\DRIVERS\mouclass.sys

Address: 0x8BCC6000 Size: 45056 File Visible: - Signed: -

Status: -

Name: mouhid.sys

Image Path: C:\Windows\system32\DRIVERS\mouhid.sys

Address: 0x8C2C0000 Size: 32768 File Visible: - Signed: -

Status: -

Name: mountmgr.sys

Image Path: C:\Windows\System32\drivers\mountmgr.sys

Address: 0x80796000 Size: 65536 File Visible: - Signed: -

Status: -

Name: mpsdrv.sys

Image Path: C:\Windows\System32\drivers\mpsdrv.sys

Address: 0xA89B5000 Size: 86016 File Visible: - Signed: -

Status: -

Name: mrxdav.sys

Image Path: C:\Windows\system32\drivers\mrxdav.sys

Address: 0xA89CA000 Size: 131072 File Visible: - Signed: -

Status: -

Name: mrxsmb.sys

Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys

Address: 0x8C7A8000 Size: 126976 File Visible: - Signed: -

Status: -

Name: mrxsmb10.sys

Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys

Address: 0x8C7C7000 Size: 233472 File Visible: - Signed: -

Status: -

Name: mrxsmb20.sys

Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys

Address: 0x8C3D1000 Size: 98304 File Visible: - Signed: -

Status: -

Name: Msfs.SYS

Image Path: C:\Windows\System32\Drivers\Msfs.SYS

Address: 0x8BDD9000 Size: 45056 File Visible: - Signed: -

Status: -

Name: msisadrv.sys

Image Path: C:\Windows\system32\drivers\msisadrv.sys

Address: 0x806E3000 Size: 32768 File Visible: - Signed: -

Status: -

Name: msiscsi.sys

Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys

Address: 0x83553000 Size: 188416 File Visible: - Signed: -

Status: -

Name: msrpc.sys

Image Path: C:\Windows\system32\drivers\msrpc.sys

Address: 0x82F8B000 Size: 176128 File Visible: - Signed: -

Status: -

Name: mssmbios.sys

Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys

Address: 0x8BCFD000 Size: 40960 File Visible: - Signed: -

Status: -

Name: mup.sys

Image Path: C:\Windows\System32\Drivers\mup.sys

Address: 0x83757000 Size: 61440 File Visible: - Signed: -

Status: -

Name: ndis.sys

Image Path: C:\Windows\system32\drivers\ndis.sys

Address: 0x82E80000 Size: 1093632 File Visible: - Signed: -

Status: -

Name: ndistapi.sys

Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys

Address: 0x835E4000 Size: 45056 File Visible: - Signed: -

Status: -

Name: ndisuio.sys

Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys

Address: 0xA88F7000 Size: 40960 File Visible: - Signed: -

Status: -

Name: ndiswan.sys

Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys

Address: 0x805C8000 Size: 143360 File Visible: - Signed: -

Status: -

Name: NDProxy.SYS

Image Path: C:\Windows\System32\Drivers\NDProxy.SYS

Address: 0x8BD48000 Size: 69632 File Visible: - Signed: -

Status: -

Name: netbios.sys

Image Path: C:\Windows\system32\DRIVERS\netbios.sys

Address: 0x8C389000 Size: 57344 File Visible: - Signed: -

Status: -

Name: netbt.sys

Image Path: C:\Windows\System32\DRIVERS\netbt.sys

Address: 0x8C2C8000 Size: 204800 File Visible: - Signed: -

Status: -

Name: NETIO.SYS

Image Path: C:\Windows\system32\drivers\NETIO.SYS

Address: 0x82FB6000 Size: 237568 File Visible: - Signed: -

Status: -

Name: netr73.sys

Image Path: C:\Windows\system32\DRIVERS\netr73.sys

Address: 0x8C223000 Size: 495616 File Visible: - Signed: -

Status: -

Name: Npfs.SYS

Image Path: C:\Windows\System32\Drivers\Npfs.SYS

Address: 0x8BDE4000 Size: 57344 File Visible: - Signed: -

Status: -

Name: nsiproxy.sys

Image Path: C:\Windows\system32\drivers\nsiproxy.sys

Address: 0x8C664000 Size: 40960 File Visible: - Signed: -

Status: -

Name: Ntfs.sys

Image Path: C:\Windows\System32\Drivers\Ntfs.sys

Address: 0x83607000 Size: 1110016 File Visible: - Signed: -

Status: -

Name: ntkrnlpa.exe

Image Path: C:\Windows\system32\ntkrnlpa.exe

Address: 0x82812000 Size: 3903488 File Visible: - Signed: -

Status: -

Name: Null.SYS

Image Path: C:\Windows\System32\Drivers\Null.SYS

Address: 0x8BFF0000 Size: 28672 File Visible: - Signed: -

Status: -

Name: nwifi.sys

Image Path: C:\Windows\system32\DRIVERS\nwifi.sys

Address: 0xA88CD000 Size: 172032 File Visible: - Signed: -

Status: -

Name: pacer.sys

Image Path: C:\Windows\system32\DRIVERS\pacer.sys

Address: 0x8C360000 Size: 90112 File Visible: - Signed: -

Status: -

Name: partmgr.sys

Image Path: C:\Windows\System32\drivers\partmgr.sys

Address: 0x80712000 Size: 61440 File Visible: - Signed: -

Status: -

Name: pci.sys

Image Path: C:\Windows\system32\drivers\pci.sys

Address: 0x806EB000 Size: 159744 File Visible: - Signed: -

Status: -

Name: pciide.sys

Image Path: C:\Windows\system32\drivers\pciide.sys

Address: 0x8078F000 Size: 28672 File Visible: - Signed: -

Status: -

Name: PCIIDEX.SYS

Image Path: C:\Windows\system32\DRIVERS\PCIIDEX.SYS

Address: 0x80781000 Size: 57344 File Visible: - Signed: -

Status: -

Name: peauth.sys

Image Path: C:\Windows\system32\drivers\peauth.sys

Address: 0xA964E000 Size: 909312 File Visible: - Signed: -

Status: -

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x82812000 Size: 3903488 File Visible: - Signed: -

Status: -

Name: portcls.sys

Image Path: C:\Windows\system32\drivers\portcls.sys

Address: 0x8BFBA000 Size: 184320 File Visible: - Signed: -

Status: -

Name: PSHED.dll

Image Path: C:\Windows\system32\PSHED.dll

Address: 0x80470000 Size: 69632 File Visible: - Signed: -

Status: -

Name: PxHelp20.sys

Image Path: C:\Windows\System32\Drivers\PxHelp20.sys

Address: 0x80600000 Size: 35648 File Visible: - Signed: -

Status: -

Name: RapportKELL.sys

Image Path: C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys

Address: 0x8C657000 Size: 51456 File Visible: - Signed: -

Status: -

Name: RapportPG.sys

Image Path: C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

Address: 0x8C642000 Size: 83840 File Visible: - Signed: -

Status: -

Name: rasacd.sys

Image Path: C:\Windows\System32\DRIVERS\rasacd.sys

Address: 0x8BDF2000 Size: 36864 File Visible: - Signed: -

Status: -

Name: rasl2tp.sys

Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys

Address: 0x835CD000 Size: 94208 File Visible: - Signed: -

Status: -

Name: raspppoe.sys

Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys

Address: 0x835EF000 Size: 61440 File Visible: - Signed: -

Status: -

Name: raspptp.sys

Image Path: C:\Windows\system32\DRIVERS\raspptp.sys

Address: 0x805EB000 Size: 81920 File Visible: - Signed: -

Status: -

Name: rassstp.sys

Image Path: C:\Windows\system32\DRIVERS\rassstp.sys

Address: 0x8BC0D000 Size: 86016 File Visible: - Signed: -

Status: -

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x82812000 Size: 3903488 File Visible: - Signed: -

Status: -

Name: rdbss.sys

Image Path: C:\Windows\system32\DRIVERS\rdbss.sys

Address: 0x8C606000 Size: 245760 File Visible: - Signed: -

Status: -

Name: RDPCDD.sys

Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys

Address: 0x8BE00000 Size: 32768 File Visible: - Signed: -

Status: -

Name: rdpdr.sys

Image Path: C:\Windows\system32\DRIVERS\rdpdr.sys

Address: 0x8BC22000 Size: 561152 File Visible: - Signed: -

Status: -

Name: rdpencdd.sys

Image Path: C:\Windows\system32\drivers\rdpencdd.sys

Address: 0x8BDD1000 Size: 32768 File Visible: - Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0xA9776000 Size: 49152 File Visible: No Signed: -

Status: -

Name: rspndr.sys

Image Path: C:\Windows\system32\DRIVERS\rspndr.sys

Address: 0xA8901000 Size: 77824 File Visible: - Signed: -

Status: -

Name: RTKVHDA.sys

Image Path: C:\Windows\system32\drivers\RTKVHDA.sys

Address: 0x8BE0A000 Size: 1767872 File Visible: - Signed: -

Status: -

Name: SASDIFSV.SYS

Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

Address: 0x8C3CB000 Size: 24576 File Visible: - Signed: -

Status: -

Name: SASKUTIL.sys

Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

Address: 0x8C3AA000 Size: 135168 File Visible: - Signed: -

Status: -

Name: secdrv.SYS

Image Path: C:\Windows\System32\Drivers\secdrv.SYS

Address: 0xA9754000 Size: 40960 File Visible: - Signed: -

Status: -

Name: smb.sys

Image Path: C:\Windows\system32\DRIVERS\smb.sys

Address: 0x8C304000 Size: 81920 File Visible: - Signed: -

Status: -

Name: spldr.sys

Image Path: C:\Windows\System32\Drivers\spldr.sys

Address: 0x8374F000 Size: 32768 File Visible: - Signed: -

Status: -

Name: spsys.sys

Image Path: C:\Windows\system32\drivers\spsys.sys

Address: 0xA880E000 Size: 716800 File Visible: - Signed: -

Status: -

Name: srv.sys

Image Path: C:\Windows\System32\DRIVERS\srv.sys

Address: 0xA9602000 Size: 311296 File Visible: - Signed: -

Status: -

Name: srv2.sys

Image Path: C:\Windows\System32\DRIVERS\srv2.sys

Address: 0x837C8000 Size: 159744 File Visible: - Signed: -

Status: -

Name: srvnet.sys

Image Path: C:\Windows\System32\DRIVERS\srvnet.sys

Address: 0xA897F000 Size: 118784 File Visible: - Signed: -

Status: -

Name: storport.sys

Image Path: C:\Windows\system32\DRIVERS\storport.sys

Address: 0x83581000 Size: 266240 File Visible: - Signed: -

Status: -

Name: swenum.sys

Image Path: C:\Windows\system32\DRIVERS\swenum.sys

Address: 0x8BCD1000 Size: 4992 File Visible: - Signed: -

Status: -

Name: tcpip.sys

Image Path: C:\Windows\System32\drivers\tcpip.sys

Address: 0x8340D000 Size: 946176 File Visible: - Signed: -

Status: -

Name: tcpipreg.sys

Image Path: C:\Windows\System32\drivers\tcpipreg.sys

Address: 0xA975E000 Size: 49152 File Visible: - Signed: -

Status: -

Name: TDI.SYS

Image Path: C:\Windows\system32\DRIVERS\TDI.SYS

Address: 0x835C2000 Size: 45056 File Visible: - Signed: -

Status: -

Name: tdx.sys

Image Path: C:\Windows\system32\DRIVERS\tdx.sys

Address: 0x8C20D000 Size: 90112 File Visible: - Signed: -

Status: -

Name: termdd.sys

Image Path: C:\Windows\system32\DRIVERS\termdd.sys

Address: 0x8BCAB000 Size: 65536 File Visible: - Signed: -

Status: -

Name: TSDDD.dll

Image Path: C:\Windows\System32\TSDDD.dll

Address: 0x818D0000 Size: 36864 File Visible: - Signed: -

Status: -

Name: tunmp.sys

Image Path: C:\Windows\system32\DRIVERS\tunmp.sys

Address: 0x837F3000 Size: 36864 File Visible: - Signed: -

Status: -

Name: umbus.sys

Image Path: C:\Windows\system32\DRIVERS\umbus.sys

Address: 0x8BD07000 Size: 53248 File Visible: - Signed: -

Status: -

Name: USBD.SYS

Image Path: C:\Windows\system32\DRIVERS\USBD.SYS

Address: 0x8C29C000 Size: 8192 File Visible: - Signed: -

Status: -

Name: usbehci.sys

Image Path: C:\Windows\system32\DRIVERS\usbehci.sys

Address: 0x8B400000 Size: 61440 File Visible: - Signed: -

Status: -

Name: usbhub.sys

Image Path: C:\Windows\system32\DRIVERS\usbhub.sys

Address: 0x8BD14000 Size: 212992 File Visible: - Signed: -

Status: -

Name: USBPORT.SYS

Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS

Address: 0x8BBBC000 Size: 253952 File Visible: - Signed: -

Status: -

Name: usbuhci.sys

Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys

Address: 0x8BBB1000 Size: 45056 File Visible: - Signed: -

Status: -

Name: vga.sys

Image Path: C:\Windows\System32\drivers\vga.sys

Address: 0x8BDA4000 Size: 49152 File Visible: - Signed: -

Status: -

Name: VIDEOPRT.SYS

Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS

Address: 0x8BDB0000 Size: 135168 File Visible: - Signed: -

Status: -

Name: volmgr.sys

Image Path: C:\Windows\system32\drivers\volmgr.sys

Address: 0x80721000 Size: 61440 File Visible: - Signed: -

Status: -

Name: volmgrx.sys

Image Path: C:\Windows\System32\drivers\volmgrx.sys

Address: 0x80730000 Size: 303104 File Visible: - Signed: -

Status: -

Name: volsnap.sys

Image Path: C:\Windows\system32\drivers\volsnap.sys

Address: 0x83716000 Size: 233472 File Visible: - Signed: -

Status: -

Name: wanarp.sys

Image Path: C:\Windows\system32\DRIVERS\wanarp.sys

Address: 0x8C397000 Size: 77824 File Visible: - Signed: -

Status: -

Name: watchdog.sys

Image Path: C:\Windows\System32\drivers\watchdog.sys

Address: 0x8BB69000 Size: 53248 File Visible: - Signed: -

Status: -

Name: Wdf01000.sys

Image Path: C:\Windows\system32\drivers\Wdf01000.sys

Address: 0x8060B000 Size: 507904 File Visible: - Signed: -

Status: -

Name: WDFLDR.SYS

Image Path: C:\Windows\system32\drivers\WDFLDR.SYS

Address: 0x80687000 Size: 53248 File Visible: - Signed: -

Status: -

Name: Win32k

Image Path: \Driver\Win32k

Address: 0x816B0000 Size: 2105344 File Visible: - Signed: -

Status: -

Name: win32k.sys

Image Path: C:\Windows\System32\win32k.sys

Address: 0x816B0000 Size: 2105344 File Visible: - Signed: -

Status: -

Name: WMILIB.SYS

Image Path: C:\Windows\system32\drivers\WMILIB.SYS

Address: 0x806DA000 Size: 36864 File Visible: - Signed: -

Status: -

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x82812000 Size: 3903488 File Visible: - Signed: -

Status: -

OOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/07/25 00:35

Program Version: Version 1.3.2.0

Windows Version: Windows Vista SP1

==================================================

Hidden Services

-------------------

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/07/25 00:35

Program Version: Version 1.3.2.0

Windows Version: Windows Vista SP1

==================================================

Processes

-------------------

Path: System

PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\svchost.exe

PID: 260 Status: -

Path: C:\Windows\System32\smss.exe

PID: 464 Status: -

Path: C:\Windows\System32\csrss.exe

PID: 532 Status: -

Path: C:\Windows\System32\wininit.exe

PID: 576 Status: -

Path: C:\Windows\System32\csrss.exe

PID: 588 Status: -

Path: C:\Windows\System32\winlogon.exe

PID: 648 Status: -

Path: C:\Windows\System32\services.exe

PID: 668 Status: -

Path: C:\Windows\System32\lsass.exe

PID: 680 Status: -

Path: C:\Windows\System32\lsm.exe

PID: 692 Status: -

Path: C:\Windows\System32\hkcmd.exe

PID: 848 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 912 Status: -

Path: C:\Program Files\AVG\AVG8\avgrsx.exe

PID: 920 Status: -

Path: C:\Program Files\Java\jre6\bin\jusched.exe

PID: 948 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 980 Status: -

Path: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PID: 1028 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 1148 Status: -

Path: C:\Windows\System32\wbem\unsecapp.exe

PID: 1156 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 1168 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 1228 Status: -

Path: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

PID: 1240 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 1276 Status: -

Path: C:\Program Files\Spyware Doctor\pctsTray.exe

PID: 1312 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 1320 Status: -

Path: C:\Windows\System32\audiodg.exe

PID: 1432 Status: Locked to the Windows API!

Path: C:\Windows\System32\svchost.exe

PID: 1532 Status: -

Path: C:\Windows\System32\SLsvc.exe

PID: 1596 Status: -

Path: C:\Windows\System32\wbem\WmiPrvSE.exe

PID: 1604 Status: -

Path: C:\Windows\System32\igfxsrvc.exe

PID: 1612 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 1652 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 1868 Status: -

Path: C:\Windows\System32\spoolsv.exe

PID: 2040 Status: -

Path: C:\Program Files\Spyware Doctor\pctsAuxs.exe

PID: 2224 Status: -

Path: C:\Program Files\Spyware Doctor\pctsSvc.exe

PID: 2256 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 2308 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 2340 Status: -

Path: C:\Windows\System32\SearchIndexer.exe

PID: 2392 Status: -

Path: C:\Windows\System32\igfxpers.exe

PID: 2416 Status: -

Path: C:\Windows\System32\svchost.exe

PID: 2488 Status: -

Path: C:\Windows\System32\wuauclt.exe

PID: 2604 Status: -

Path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PID: 2640 Status: -

Path: C:\Program Files\Windows Media Player\wmpnetwk.exe

PID: 2676 Status: -

Path: C:\Program Files\Mozilla Firefox\firefox.exe

PID: 2936 Status: -

Path: C:\Windows\RtHDVCpl.exe

PID: 3144 Status: -

Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PID: 3196 Status: -

Path: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

PID: 3204 Status: -

Path: C:\Program Files\AVG\AVG8\avgtray.exe

PID: 3228 Status: -

Path: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

PID: 3636 Status: -

Path: C:\Windows\System32\taskeng.exe

PID: 3700 Status: -

Path: C:\Program Files\Windows Media Player\wmpnscfg.exe

PID: 3724 Status: -

Path: C:\Windows\System32\dwm.exe

PID: 3820 Status: -

Path: C:\Windows\explorer.exe

PID: 3860 Status: -

Path: C:\Users\Big Si\AppData\Local\Google\Update\GoogleUpdate.exe

PID: 4012 Status: -

Path: C:\Users\Big Si\Desktop\RootRepeal.exe

PID: 4024 Status: -

Path: C:\Windows\System32\mobsync.exe

PID: 4072 Status: -

Path: C:\Windows\System32\SearchProtocolHost.exe

PID: 4636 Status: -

Path: C:\Windows\System32\SearchFilterHost.exe

PID: 4664 Status: -

OTL log

OTL logfile created on: 25/07/2009 12:36:20 AM - Run 1

OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Big Si\Downloads

Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1012.45 Mb Total Physical Memory | 273.96 Mb Available Physical Memory | 27.06% Memory free

2.24 Gb Paging File | 0.94 Gb Available in Paging File | 42.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138.96 Gb Total Space | 50.62 Gb Free Space | 36.43% Space Free | Partition Type: NTFS

Drive D: | 149.01 Gb Total Space | 148.91 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Drive E: | 10.00 Gb Total Space | 6.56 Gb Free Space | 65.62% Space Free | Partition Type: NTFS

Drive F: | 659.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PCSBSSDT5

Current User Name: Big Si

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)

PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)

PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)

PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)

PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)

PRC - C:\Users\Big Si\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)

PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Users\Big Si\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()

SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (GoogleDesktopManager [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (idsvc [unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (KService [Auto | Stopped]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)

SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)

SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)

SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)

SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)

SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)

SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (AvgLdx86 [system | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86 [system | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (cmdGuard [system | Running]) -- C:\Windows\System32\DRIVERS\cmdguard.sys (COMODO)

DRV - (cmdHlp [system | Running]) -- C:\Windows\System32\DRIVERS\cmdhlp.sys (COMODO)

DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (e1express [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\e1e6032.sys (Intel Corporation)

DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)

DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (iaStor [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)

DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (IKFileSec [boot | Running]) -- C:\Windows\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)

DRV - (IKSysFlt [On_Demand | Stopped]) -- C:\Windows\System32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)

DRV - (IKSysSec [On_Demand | Stopped]) -- C:\Windows\System32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)

DRV - (Inspect [system | Running]) -- C:\Windows\System32\DRIVERS\inspect.sys (COMODO)

DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (netr73 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\netr73.sys (Ralink Technology, Corp.)

DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (PxHelp20 [boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)

DRV - (RapportKELL [system | Running]) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)

DRV - (RapportPG [system | Running]) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)

DRV - (SASDIFSV [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL [system | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (usbbus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)

DRV - (UsbDiag [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)

DRV - (USBModem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)

DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (vsdatant [On_Demand | Stopped]) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kent.ac.uk/student/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/17 08:21:41 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/24 03:30:07 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/19 11:14:09 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/24 00:24:05 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/03/01 14:48:39 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/07/24 00:24:05 | 00,000,000 | ---D | M]

[2008/11/04 01:00:28 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Extensions

[2008/11/04 01:00:28 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/07/24 08:01:49 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions

[2009/07/08 07:45:33 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}

[2009/06/30 22:50:26 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\{1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}

[2008/07/30 02:58:15 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\{4AB21F99-91C5-4a9d-813E-425841874FB1}

[2008/07/30 02:54:38 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}

[2008/11/04 01:10:33 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}

[2008/05/14 23:49:04 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}

[2009/07/02 08:01:18 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009/06/30 22:51:58 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\[email protected]

[2009/06/03 15:49:45 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\firefox@facebook(27).com

[2009/07/02 08:01:19 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\[email protected]

[2009/07/08 07:45:18 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\[email protected]

[2009/07/08 07:45:18 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\[email protected]

[2009/03/11 19:34:35 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\[email protected]

[2009/06/30 23:04:43 | 00,000,000 | ---D | M] -- C:\Users\Big Si\AppData\Roaming\mozilla\Firefox\Profiles\4p5b4vyi.default\extensions\[email protected]

[2009/06/25 22:14:08 | 00,007,976 | ---- | M] () -- C:\Users\Big Si\AppData\Roaming\Mozilla\FireFox\Profiles\4p5b4vyi.default\searchplugins\oneriot-social-web-search.xml

[2009/07/24 08:01:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/07/19 11:14:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008/12/16 20:28:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009/03/28 00:52:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/07/19 11:13:51 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/07/19 11:13:51 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2008/02/27 17:57:38 | 00,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll

[2009/03/09 06:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2007/09/28 18:53:46 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll

[2007/09/28 18:54:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2009/07/19 11:13:56 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2008/01/14 15:43:30 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2009/03/01 14:48:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/03/01 14:48:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/03/01 14:48:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/03/01 14:48:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/03/01 14:48:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/03/01 14:48:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/03/01 14:48:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2008/01/14 15:44:04 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll

[2008/01/14 15:42:59 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2009/06/24 13:14:16 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2009/06/24 13:14:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/06/24 13:14:16 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2009/06/24 13:14:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/06/24 13:14:16 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2009/06/24 13:14:16 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/06/24 13:14:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/06/24 13:14:16 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (318388 bytes) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.163ns.com

O1 - Hosts: 10922 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iSTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [Google Update] C:\Users\Big Si\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O15 - HKLM\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: kent.ac.uk ([webct] https in Trusted sites)

O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Filter: - application/x-internet-signup - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2004/05/06 04:02:21 | 00,000,145 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{2df57193-99f6-11dc-b156-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{2df57193-99f6-11dc-b156-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup\rsrc\Autorun.exe -- [2000/01/17 17:28:36 | 00,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>)

O33 - MountPoints2\{2df57193-99f6-11dc-b156-806e6f6e6963}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- [2004/07/09 12:08:36 | 00,472,576 | R--- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/25 00:31:41 | 00,000,014 | ---- | C] () -- C:\Users\Big Si\Desktop\settings.dat

[2009/07/25 00:25:11 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/07/24 21:46:07 | 00,001,709 | ---- | C] () -- C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk

[2009/07/24 21:45:59 | 00,000,292 | ---- | C] () -- C:\Windows\vtmb.ini

[2009/07/24 03:19:58 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll

[2009/07/24 03:19:57 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

[2009/07/24 03:19:56 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe

[2009/07/24 03:19:56 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2009/07/24 03:19:56 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl

[2009/07/24 03:19:56 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll

[2009/07/24 03:19:51 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll

[2009/07/24 03:19:47 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2009/07/24 03:03:50 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll

[2009/07/24 03:03:44 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll

[2009/07/24 03:03:42 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2009/07/24 03:03:12 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll

[2009/07/24 03:02:59 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll

[2009/07/22 21:09:01 | 00,004,487 | ---- | C] () -- C:\Users\Big Si\Desktop\cobb.jpg

[2009/07/16 19:23:32 | 00,294,912 | ---- | C] () -- C:\Users\Big Si\Documents\Database1.accdb

[2009/07/15 00:35:50 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2009/07/15 00:35:49 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2009/07/15 00:35:49 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2009/07/15 00:35:46 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll

[2009/07/14 00:21:56 | 00,015,707 | ---- | C] () -- C:\Users\Big Si\Documents\I have vast experience in delivering an excellent standard of customer service.docx

[2009/07/12 22:38:38 | 00,033,280 | ---- | C] () -- C:\Users\Big Si\Documents\surgery casework.doc

[2009/07/12 21:39:46 | 00,469,504 | ---- | C] ( ) -- C:\Users\Big Si\Desktop\RootRepeal.exe

[2009/07/08 01:43:16 | 00,010,614 | ---- | C] () -- C:\Users\Big Si\Documents\right here we go.docx

[2009/07/01 04:13:55 | 00,000,858 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-505280420-2691023175-4179455115-1000Core.job

[2009/06/30 22:57:40 | 00,001,475 | ---- | C] () -- C:\Users\Big Si\Desktop\Launch Cooliris.lnk

[2009/06/30 22:57:37 | 00,000,000 | ---D | C] -- C:\Users\Big Si\AppData\Local\Cooliris

[2009/06/28 21:29:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector

[2009/03/08 22:03:33 | 00,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll

[2009/03/08 22:03:33 | 00,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll

[2009/03/08 22:03:33 | 00,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll

[2009/03/08 22:03:33 | 00,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll

[2009/02/23 23:32:36 | 00,155,384 | ---- | C] () -- C:\Windows\System32\guard32.dll

[2008/04/25 06:11:04 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2008/04/25 06:11:04 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2008/04/22 19:47:19 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini

[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll

[2008/01/02 17:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/01/02 17:47:22 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/01/02 17:47:22 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2007/11/24 03:57:17 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007/11/24 03:57:17 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll

[2007/11/24 03:57:17 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2007/10/18 10:12:20 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll

[2007/10/04 19:33:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest

[2007/10/04 19:33:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest

[2007/09/28 18:56:22 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2007/09/28 18:53:06 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2006/11/07 20:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini

[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/09/17 00:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/17 00:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2005/09/23 13:52:14 | 00,207,872 | ---- | C] () -- C:\Windows\System32\OneWay.dll

[2002/06/02 16:05:40 | 00,038,912 | ---- | C] () -- C:\Windows\System32\1Way.dll

========== Files - Modified Within 30 Days ==========

[2009/07/25 00:33:16 | 00,000,014 | ---- | M] () -- C:\Users\Big Si\Desktop\settings.dat

[2009/07/25 00:30:30 | 00,469,504 | ---- | M] ( ) -- C:\Users\Big Si\Desktop\RootRepeal.exe

[2009/07/25 00:07:09 | 00,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E2CE5761-1AA0-474D-B0F4-3BA691DE2C0E}.job

[2009/07/24 23:52:59 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2009/07/24 23:52:59 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2009/07/24 23:52:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/07/24 23:52:50 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/07/24 23:52:48 | 10,623,91808 | -HS- | M] () -- C:\hiberfil.sys

[2009/07/24 23:44:29 | 00,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-505280420-2691023175-4179455115-1000.job

[2009/07/24 21:46:07 | 00,001,709 | ---- | M] () -- C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk

[2009/07/24 21:45:59 | 00,000,292 | ---- | M] () -- C:\Windows\vtmb.ini

[2009/07/24 13:54:14 | 02,667,969 | -H-- | M] () -- C:\Users\Big Si\AppData\Local\IconCache.db

[2009/07/24 07:55:21 | 00,118,712 | ---- | M] () -- C:\Users\Big Si\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/07/24 03:55:05 | 00,424,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/24 03:34:31 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini

[2009/07/23 22:23:30 | 39,197,810 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2009/07/23 22:23:30 | 00,040,937 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg

[2009/07/23 19:28:29 | 00,001,672 | ---- | M] () -- C:\Users\Big Si\Desktop\CCleaner.lnk

[2009/07/22 21:30:11 | 00,000,547 | ---- | M] () -- C:\Users\Big Si\Documents\My Sharing Folders.lnk

[2009/07/22 21:09:59 | 00,004,487 | ---- | M] () -- C:\Users\Big Si\Desktop\cobb.jpg

[2009/07/22 18:00:01 | 00,000,410 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Big Si.job

[2009/07/19 23:08:28 | 00,318,388 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2009/07/19 08:49:53 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2009/07/17 01:16:49 | 00,002,090 | ---- | M] () -- C:\Users\Big Si\Desktop\Google Chrome.lnk

[2009/07/16 19:26:03 | 00,294,912 | ---- | M] () -- C:\Users\Big Si\Documents\Database1.accdb

[2009/07/16 00:36:20 | 00,033,280 | ---- | M] () -- C:\Users\Big Si\Documents\surgery casework.doc

[2009/07/14 00:22:53 | 00,015,707 | ---- | M] () -- C:\Users\Big Si\Documents\I have vast experience in delivering an excellent standard of customer service.docx

[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/07/08 01:43:25 | 00,010,614 | ---- | M] () -- C:\Users\Big Si\Documents\right here we go.docx

[2009/07/07 16:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

[2009/07/06 19:44:39 | 00,317,482 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090719-230827.backup

[2009/07/01 04:13:55 | 00,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-505280420-2691023175-4179455115-1000Core.job

[2009/06/30 22:57:40 | 00,001,475 | ---- | M] () -- C:\Users\Big Si\Desktop\Launch Cooliris.lnk

[2009/06/30 22:46:32 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2009/06/30 08:19:23 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Big Si\Desktop\Mark Thomas - MTCP - s01e03 - Mark Stands As An MP.avi:TOC.WMV

@Alternate Data Stream - 64 bytes -> C:\Users\Big Si\Desktop\ftp-bccathouse.avi:TOC.WMV

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C31F31E6

@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >

right , i think that everything i was asked?

so any issues?

[Rorschach112]

hi

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
  PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
  PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
  PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
  O33 - MountPoints2\{2df57193-99f6-11dc-b156-806e6f6e6963}\Shell - "" = AutoRun
  O33 - MountPoints2\{2df57193-99f6-11dc-b156-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup\rsrc\Autorun.exe -- [2000/01/17 17:28:36 | 00,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>)
  O33 - MountPoints2\{2df57193-99f6-11dc-b156-806e6f6e6963}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- [2004/07/09 12:08:36 | 00,472,576 | R--- | M] (Microsoft Corporation)
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  

Download Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

[JoshLyman]

hi

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
  PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
  PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
  PRC - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
  O33 - MountPoints2\{2df57193-99f6-11dc-b156-806e6f6e6963}\Shell - "" = AutoRun
  O33 - MountPoints2\{2df57193-99f6-11dc-b156-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup\rsrc\Autorun.exe -- [2000/01/17 17:28:36 | 00,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>)
  O33 - MountPoints2\{2df57193-99f6-11dc-b156-806e6f6e6963}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- [2004/07/09 12:08:36 | 00,472,576 | R--- | M] (Microsoft Corporation)
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  

Download Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

after the fix it wont let me run security check as it is not a valid win32 program

same thing when i tried to re-install my comodo firewall

[Rorschach112]

I think your problem is down to too many security programs running

I would remove Comodo, Spyware Doctor, and Spybot

See how it runs after that

[JoshLyman]

disabled everything, just tried to run it again

still wont work along with various install programs i downloaded like avg 8.5

also avg 8 wont display its console (test centre and whatnot)

[Rorschach112]

did you disable or uninstall them ?

your issue isn't malware related thats for sure

[Rorschach112]

Inactive topic...

If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.