Cincheetah Posted September 30, 2010 Report Share Posted September 30, 2010 Hi -My issue started with Windows Antivirus 2010 installing itself. I removed the program. The other thing I noticed is whenver I use a search engineI'm getting redirected on anything I click on - I do get pop up windows out of nowhere and it won't let me post to your site- lastly, windows update can't connect. User mode, start windows normally, user Cin.For purposes of malware scanning - these logs were created in safe mode with networking/admin.Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4717Windows 5.1.2600 Service Pack 3 (Safe Mode)Internet Explorer 7.0.5730.139/29/2010 6:23:14 PMmbam-log-2010-09-29 (18-23-14).txtScan type: Quick scanObjects scanned: 171280Time elapsed: 11 minute(s), 15 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)################################Rooter.exe (v1.0.2) by Eric_71.SeDebugPrivilege granted successfully ....Windows XP . (5.1.2600) Service Pack 3[32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel.[wscsvc] STOPPED (state:1) : Security Center -> Disabled ![sharedAccess] RUNNING (state:4)Windows Firewall -> Enabled.Internet Explorer 7.0.5730.13.A:\ [Removable]C:\ [Fixed-NTFS] .. ( Total:228 Go - Free:113 Go )D:\ [CD_Rom]E:\ [CD_Rom]F:\ [Removable].Scan : 19:36.02Path : C:\Documents and Settings\Administrator\Desktop\Rooter.exeUser : Administrator ( Administrator -> YES ).----------------------\\ Processes.Locked [system Process] (0)______ System (4)______ \SystemRoot\System32\smss.exe (952)______ \??\C:\WINDOWS\system32\csrss.exe (1000)______ \??\C:\WINDOWS\system32\winlogon.exe (1024)______ C:\WINDOWS\system32\services.exe (1072)______ C:\WINDOWS\system32\lsass.exe (1084)______ C:\WINDOWS\system32\svchost.exe (1256)______ C:\WINDOWS\system32\svchost.exe (1328)______ C:\WINDOWS\system32\svchost.exe (1552)______ C:\WINDOWS\system32\svchost.exe (1624)______ C:\WINDOWS\Explorer.EXE (544)______ C:\WINDOWS\system32\ctfmon.exe (984)______ C:\Program Files\Internet Explorer\iexplore.exe (664)______ C:\Program Files\Internet Explorer\iexplore.exe (1660)______ C:\Documents and Settings\Administrator\Desktop\Rooter.exe (820).----------------------\\ Device\Harddisk0\.\Device\Harddisk0 [sectors : 63 x 512 Bytes].\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:57544704)\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:57576960 | Length:244948838400)\Device\Harddisk0\Partition3 (Start_Offset:245006415360 | Length:4984519680).----------------------\\ Scheduled Tasks.C:\WINDOWS\Tasks\AppleSoftwareUpdate.jobC:\WINDOWS\Tasks\desktop.iniC:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3178570343-2686982665-4255511254-1006.jobC:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3178570343-2686982665-4255511254-1006.jobC:\WINDOWS\Tasks\SA.DATC:\WINDOWS\Tasks\User_Feed_Synchronization-{9126A126-9FBD-4754-B7F4-B9FC53C8E989}.job.----------------------\\ Registry..----------------------\\ Files & Folders.----------------------\\ Scan completed at 19:36.03.C:\Rooter$\Rooter_1.txt - (29/09/2010 | 19:36.03)###############################################################LockSearch by jpshortstuff (05.11.09.1)Log created at 19:37 on 29/09/2010 (Administrator)Scanning C:\C:\pagefile.sys--------------------------=E.O.F=-##############################################CKScanner - Additional Security Risks - These are not necessarily badc:\documents and settings\cin\my documents\cincheetah.com\crackmfc.htmlc:\documents and settings\cin\my documents\cincheetah.com\crackmfc.ramc:\documents and settings\cin\my documents\cincheetah.com\web\crackmfc.rmc:\documents and settings\cin\my documents\cincheetah.com\web1\crackmfc.rmc:\documents and settings\cin\my documents\line 6\tones\guitarport\preset\bass\graham cracker bass.gptc:\documents and settings\cin\my documents\my music\itunes\itunes music\melissa ferrick\valentine heartache\04 crack the mirror 1.m4ac:\documents and settings\cin\my documents\my music\itunes\itunes music\melissa ferrick\valentine heartache\04 crack the mirror.m4ac:\program files\jasc software inc\paint shop pro studio\bump maps\cracked desert.pspimagec:\program files\jasc software inc\paint shop pro studio\patterns\cracked paint.pspimagec:\program files\line6\guitarport\data\factory\preset\bass\graham cracker bass.gptscanner sequence 3.CG.11 ----- EOF ----- ##########################################################################Windows Validation CheckVersion: 1.8.8.3Log Created On: 1943_29-09-2010-----------------------Windows Information-----------------------Windows Version: Windows XP Service Pack 3 Windows Mode: Safe Mode with NetworkingWVCheck's Auto Update Check-----------------------Auto-Update Option: Download updates and install them automatically.-----------------------Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found.WVCheck's Registry Check Check-----------------------Antiwpa: Not Found-----------------------Chew7Hale: Not Found-----------------------WVCheck's File Dump-----------------------WVCheck found no known bad files.WVCheck's Dir Dump-----------------------C:\Documents and Settings\All Users\Application Data\Windows Genuine AdvantageSize: 0 bytesMatched: *Genuine?Advantage*-----------------------C:\Old Data\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine AdvantageSize: 0 bytesMatched: *Genuine?Advantage*-----------------------WVCheck's Missing File Check-----------------------WVCheck found no missing Windows files.WVCheck's MBAM Quarantine Check-----------------------There were no bad files quarantined by MBAM.WVCheck's HOSTS File Check-----------------------WVCheck found no bad lines in the hosts file.WVCheck's MD5 CheckEXPERIMENTAL!!-----------------------user32.dll - b26b135ff1b9f60c9388b4a7d16f600b-------- End of File, program close at 1946_29-09-2010 --------######################################################GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-09-30 05:41:54Windows 5.1.2600 Service Pack 3Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwloqkob.sys---- User code sections - GMER 1.0.15 ----.text C:\WINDOWS\Explorer.EXE[544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A .text C:\WINDOWS\Explorer.EXE[544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A .text C:\WINDOWS\Explorer.EXE[544] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D2000C .text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF000A .text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0111000A .text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FE000C .text C:\WINDOWS\system32\svchost.exe[1552] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00D3000A .text C:\WINDOWS\system32\svchost.exe[1552] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0112000A ---- Registry - GMER 1.0.15 ----Reg HKLM\SOFTWARE\Classes\CLSID\{0588C38B-B085-80CE-5708-161854F73ED1}\InprocServer32@ C:\Program Files\Windows Media Components\Encoder\wmex.dllReg HKLM\SOFTWARE\Classes\CLSID\{0588C38B-B085-80CE-5708-161854F73ED1}\InprocServer32@ThreadingModel ApartmentReg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\WINDOWS\system32\sysmon.ocxReg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel ApartmentReg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352} Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ C:\WINDOWS\system32\msvidctl.dllReg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel BothReg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\ProgID@ BDATuner.ChannelTuneRequest.1Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\TypeLib@ {9B085638-018E-11D3-9D8E-00C04F72D980}Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\VersionIndependentProgID@ BDATuner.ChannelTuneRequest---- EOF - GMER 1.0.15 ----############################################################OTL logfile created on: 9/30/2010 5:59:14 AM - Run 1OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\DesktopWindows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free7.00 Gb Paging File | 7.00 Gb Available in Paging File | 98.00% Paging File freePaging file location(s): C:\pagefile.sys 5373 7373 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 228.13 Gb Total Space | 113.08 Gb Free Space | 49.57% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: CINCHEETAHCurrent User Name: AdministratorLogged in as Administrator.Current Boot Mode: SafeMode with NetworkingScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Minimal========== Processes (SafeList) ==========PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)========== Modules (SafeList) ==========MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)========== Win32 Services (SafeList) ==========SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()SRV - (IS360service) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe (IObit)SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc)SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)SRV - (dlbu_device) -- C:\WINDOWS\System32\dlbucoms.exe ( )SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)========== Driver Services (SafeList) ==========DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not foundDRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not foundDRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not foundDRV - (BVRPMPR5) -- D:\INSTAL~E\Core\BVRPMPR5.SYS File not foundDRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))DRV - (AMP) -- C:\WINDOWS\system32\drivers\amp.sys (Authentium, Inc)DRV - (AMPSE) -- C:\WINDOWS\system32\drivers\ampse.sys (Authentium, Inc)DRV - (McPvDrv) -- C:\WINDOWS\System32\drivers\McPvDrv.sys (McAfee)DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)DRV - (dvd43llh) -- C:\WINDOWS\system32\drivers\dvd43llh.sys (RIF)DRV - (APLMp50) -- C:\WINDOWS\system32\drivers\APLMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))DRV - (winusb) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)DRV - (GPWADrv) Service for L6 GuitarPort Driver (WDM) -- C:\WINDOWS\system32\drivers\GPWADrv.sys (Line 6)DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\Pfmodnt.sys (Creative Technology Ltd.)DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)DRV - (ADSEXPB) -- C:\WINDOWS\system32\drivers\adsexpb.sys (Cirrus Logic Inc.)DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)DRV - (L6DP) -- C:\WINDOWS\system32\drivers\l6dp.sys (Line 6)DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywayIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! SearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywayIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/09/30 05:51:59 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/30 12:13:45 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/18 17:20:02 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/18 09:16:34 | 000,000,000 | ---D | M][2010/08/12 17:18:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2010/08/02 05:08:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll[2010/09/18 17:06:48 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xmlO1 HOSTS File: ([2010/09/29 19:32:54 | 000,420,575 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: 127.0.0.1 www.007guard.comO1 - Hosts: 127.0.0.1 007guard.comO1 - Hosts: 127.0.0.1 008i.comO1 - Hosts: 127.0.0.1 www.008k.comO1 - Hosts: 127.0.0.1 008k.comO1 - Hosts: 127.0.0.1 www.00hq.comO1 - Hosts: 127.0.0.1 00hq.comO1 - Hosts: 127.0.0.1 010402.comO1 - Hosts: 127.0.0.1 www.032439.comO1 - Hosts: 127.0.0.1 032439.comO1 - Hosts: 127.0.0.1 www.0scan.comO1 - Hosts: 127.0.0.1 0scan.comO1 - Hosts: 127.0.0.1 1000gratisproben.comO1 - Hosts: 127.0.0.1 www.1000gratisproben.comO1 - Hosts: 127.0.0.1 1001namen.comO1 - Hosts: 127.0.0.1 www.1001namen.comO1 - Hosts: 127.0.0.1 100888290cs.comO1 - Hosts: 127.0.0.1 www.100888290cs.comO1 - Hosts: 127.0.0.1 www.100sexlinks.comO1 - Hosts: 127.0.0.1 100sexlinks.comO1 - Hosts: 127.0.0.1 10sek.comO1 - Hosts: 127.0.0.1 www.10sek.comO1 - Hosts: 127.0.0.1 www.1-2005-search.comO1 - Hosts: 127.0.0.1 1-2005-search.comO1 - Hosts: 14506 more lines...O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Freecorder 3 Toolbar) - {c5d332f5-f6c8-4845-bd6c-937838ba907f} - C:\Program Files\Freecorder_3\tbFre1.dll (Conduit Ltd.)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (Freecorder 3 Toolbar) - {c5d332f5-f6c8-4845-bd6c-937838ba907f} - C:\Program Files\Freecorder_3\tbFre1.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()O4 - HKLM..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()O4 - HKLM..\Run: [DLBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)O4 - HKLM..\Run: [iObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe (SanDisk)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Reg Error: Key error.)O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (Reg Error: Key error.)O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab (Reg Error: Key error.)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146389966755 (MUWebControl Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12O18 - Protocol\Handler\bw+0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw+0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw-0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw00 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw00s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw-0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw10 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw10s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw20 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw20s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw30 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw30s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw40 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw40s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw50 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw50s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw60 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw60s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw70 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw70s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw80 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw80s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw90 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bw90s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwa0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwa0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwb0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwb0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwc0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwc0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwd0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwd0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwe0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwe0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwf0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwf0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwg0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwg0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwh0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwh0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwi0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwi0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwj0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwj0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwk0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwk0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwl0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwl0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwm0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwm0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwn0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwn0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwo0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwo0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwp0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwp0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwq0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwq0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwr0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwr0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bws0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bws0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwt0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwt0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwu0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwu0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwv0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwv0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bww0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bww0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwx0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwx0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwy0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwy0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwz0 {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\bwz0s {99073e4f-f326-49c0-8a21-641556f5b9ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\offline-8876480 {99073E4F-F326-49C0-8A21-641556F5B9AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2004/08/19 17:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*NetSvcs: 6to4 - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Irmon - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not foundDrivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)Drivers32: msacm.iac2 - C:\Program Files\Replay AV 8\iac25_32.ax (Intel Corporation)Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)CREATERESTOREPOINTError starting restore point: The function was called in safe mode.Error closing restore point: The sequence number is invalid.========== Files/Folders - Created Within 30 Days ==========[2010/09/29 19:36:03 | 000,000,000 | ---D | C] -- C:\Rooter$[2010/09/29 18:44:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2010/09/29 18:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT[2010/09/29 18:18:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe[2010/09/29 18:16:03 | 000,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe[2010/09/29 18:14:59 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe[2010/09/29 18:14:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe[2010/09/29 18:07:03 | 009,458,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe[2010/09/29 18:06:22 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe[2010/09/29 17:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia[2010/09/29 17:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe[2010/09/29 17:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes[2010/09/29 16:58:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC[2010/09/29 16:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo[2010/09/28 20:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit[2010/09/28 20:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\IObit[2010/09/28 19:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2010/09/28 19:30:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll[2010/09/28 19:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software[2010/09/28 18:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32[2010/09/28 18:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner[2010/09/27 17:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy[2010/09/27 17:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy[2010/09/22 18:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive[2010/09/18 18:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo[2010/09/18 18:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium[2010/09/18 18:16:35 | 000,118,784 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\iavlsp.dll[2010/09/18 18:16:18 | 000,094,384 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll[2010/09/18 18:16:15 | 000,009,341 | ---- | C] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\WINDOWS\System32\drivers\filedisk.sys[2010/09/18 18:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\iolo[2010/09/18 18:13:03 | 000,000,000 | ---D | C] -- C:\iolo[2010/09/18 18:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun[2010/09/18 17:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo[2010/09/18 13:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM[2010/09/18 13:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe[2010/09/18 08:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2010/09/18 08:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)[2010/09/18 08:15:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell[2010/09/16 18:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia[2010/09/16 18:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe[2010/09/16 18:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo![2010/09/08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx[2010/09/08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts[2007/08/18 09:14:23 | 000,411,248 | ---- | C] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe[2007/01/30 09:47:52 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbupmui.dll[2007/01/30 09:46:00 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuserv.dll[2007/01/30 09:38:18 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucomm.dll[2007/01/30 09:36:30 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbulmpm.dll[2007/01/30 09:36:30 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbulmpm(3).dll[2007/01/30 09:36:30 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbulmpm(2).dll[2007/01/30 09:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuiesc.dll[2007/01/30 09:32:06 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbupplc.dll[2007/01/30 09:31:08 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbucomc.dll[2007/01/30 09:30:30 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuprox.dll[2007/01/30 09:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinpa.dll[2007/01/30 09:21:46 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuusb1.dll[2007/01/30 09:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuhbn3.dll[2005/09/08 07:30:10 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll[2002/09/27 10:40:58 | 000,069,632 | ---- | C] (Smith Micro Software, Inc.) -- C:\Program Files\Start.exe[8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/09/30 05:55:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/09/30 05:55:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/09/30 05:54:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010/09/30 05:47:13 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9126A126-9FBD-4754-B7F4-B9FC53C8E989}.job[2010/09/30 05:45:43 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk[2010/09/30 05:44:53 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3178570343-2686982665-4255511254-1006.job[2010/09/30 04:35:17 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2010/09/29 19:50:15 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat[2010/09/29 19:49:55 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinZip.lnk[2010/09/29 19:48:38 | 000,001,221 | ---- | M] () -- C:\WINDOWS\win.ini[2010/09/29 19:32:54 | 000,420,575 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2010/09/29 18:50:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini[2010/09/29 18:42:59 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk[2010/09/29 18:42:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk[2010/09/29 18:18:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe[2010/09/29 18:18:07 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip[2010/09/29 18:17:30 | 003,514,115 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WVCheck.exe[2010/09/29 18:16:57 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CKScanner.exe[2010/09/29 18:16:27 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LockSearch.exe[2010/09/29 18:16:03 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe[2010/09/29 18:15:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe[2010/09/29 18:14:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe[2010/09/29 18:07:13 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe[2010/09/29 18:06:22 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe[2010/09/28 20:07:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2010/09/28 20:01:51 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk[2010/09/27 18:35:54 | 000,419,407 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100929-193254.backup[2010/09/23 18:34:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2010/09/23 18:34:42 | 000,000,209 | RHS- | M] () -- C:\boot.ini[2010/09/22 18:04:28 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk[2010/09/21 09:08:23 | 000,524,634 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010/09/21 09:08:23 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010/09/21 09:08:23 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010/09/19 12:14:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3178570343-2686982665-4255511254-1006.job[2010/09/18 18:25:15 | 000,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg[2010/09/18 18:13:46 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll[2010/09/18 18:00:15 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk[2010/09/18 09:12:50 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk[2010/09/08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx[2010/09/08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts[8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]========== Files Created - No Company Name ==========[2010/09/29 19:49:55 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WinZip.lnk[2010/09/29 18:42:59 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk[2010/09/29 18:42:59 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk[2010/09/29 18:18:04 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip[2010/09/29 18:17:28 | 003,514,115 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WVCheck.exe[2010/09/29 18:16:55 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CKScanner.exe[2010/09/29 18:16:27 | 000,032,653 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LockSearch.exe[2010/09/28 20:01:51 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk[2010/09/28 19:30:13 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll[2010/09/28 19:30:13 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll[2010/09/28 19:30:13 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll[2010/09/28 19:30:13 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll[2010/09/22 18:04:28 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk[2010/09/18 18:25:15 | 000,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg[2010/09/18 18:16:18 | 002,319,536 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll[2010/09/18 18:16:13 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe[2010/09/18 18:16:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe[2010/09/18 18:13:46 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll[2010/09/18 09:12:50 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk[2010/09/07 07:08:25 | 000,109,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2010/06/16 07:04:50 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT[2008/08/27 17:11:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll[2008/05/01 19:54:04 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlbucoin.dll[2008/05/01 19:54:04 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll[2007/11/23 17:18:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Screen Saver[2007/11/23 17:18:17 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT[2007/09/16 11:15:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI[2007/08/18 09:18:09 | 002,293,712 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe[2007/08/18 09:16:03 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll[2007/08/18 09:15:36 | 003,655,608 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll[2007/07/16 12:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll[2007/03/09 03:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll[2007/03/06 05:14:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll[2007/03/06 05:14:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest[2007/02/19 02:32:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsr.dll[2007/02/19 02:32:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll[2007/02/19 02:32:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll[2007/02/19 02:29:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsb.dll[2007/02/19 02:29:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbucub.dll[2007/02/19 02:29:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll[2007/02/19 02:29:10 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlbuins.dll[2007/02/19 02:28:10 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll[2007/01/22 02:19:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucfg.dll[2006/08/05 08:45:23 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll[2006/05/30 14:50:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI[2006/05/05 18:49:45 | 000,002,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache[2006/01/15 12:54:34 | 000,005,482 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini[2005/11/27 13:31:47 | 000,000,205 | ---- | C] () -- C:\WINDOWS\RtlRack.ini[2005/09/14 11:24:44 | 000,000,716 | ---- | C] () -- C:\WINDOWS\dellstat.ini[2005/09/08 08:06:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2005/09/08 07:56:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2005/09/08 07:54:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI[2005/09/08 07:54:38 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini[2005/09/08 07:54:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini[2005/09/08 07:54:33 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI[2005/09/08 07:30:12 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll[2005/09/08 07:30:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll[2005/09/08 07:29:26 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2005/06/22 13:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini[2004/08/19 17:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini[2004/08/19 17:16:24 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat[2004/08/19 17:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini[2003/12/03 15:31:20 | 000,001,005 | ---- | C] () -- C:\Program Files\SMDesk.ini[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI[2002/08/12 12:53:04 | 000,000,052 | ---- | C] () -- C:\Program Files\AUTORUN.INF[2000/04/11 20:44:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll========== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2004/08/19 17:07:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT[2010/09/23 18:34:42 | 000,000,209 | RHS- | M] () -- C:\boot.ini[2007/09/27 06:44:58 | 031,686,704 | ---- | M] () -- C:\buffer.wav[2004/08/19 17:07:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS[2005/09/08 07:36:54 | 000,006,281 | RH-- | M] () -- C:\dell.sdr[2010/07/09 14:04:10 | 000,000,522 | ---- | M] () -- C:\dlbu.log[2010/04/17 15:23:41 | 000,006,434 | ---- | M] () -- C:\EyeCandyLog.txt[2005/09/13 17:09:46 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1[2004/08/19 17:07:14 | 000,000,000 | -H-- | M] () -- C:\IO.SYS[2008/08/27 16:44:50 | 000,000,065 | ---- | M] () -- C:\jetscan.log[2007/09/16 10:23:44 | 000,000,151 | ---- | M] () -- C:\liprefs.js[2010/01/17 14:18:12 | 000,000,476 | ---- | M] () -- C:\LOG10F.log[2008/11/26 15:43:14 | 000,000,476 | ---- | M] () -- C:\LOG24.log[2008/11/29 08:17:30 | 000,000,476 | ---- | M] () -- C:\LOG5AC.log[2010/01/25 07:51:19 | 000,000,476 | ---- | M] () -- C:\LOG966.log[2007/08/20 18:21:10 | 000,002,082 | ---- | M] () -- C:\mmjb.DDF[2004/08/19 17:07:14 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS[2009/07/11 18:53:54 | 000,000,571 | ---- | M] () -- C:\NTDClient.log[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM[2008/08/02 16:39:39 | 000,250,048 | RHS- | M] () -- C:\ntldr[2010/09/30 05:55:19 | 4293,918,720 | -HS- | M] () -- C:\pagefile.sys[2007/09/03 12:21:46 | 000,000,184 | ---- | M] () -- C:\preview.avi_index[2005/09/08 08:01:20 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini[2010/07/05 12:19:27 | 000,030,067 | ---- | M] () -- C:\winzip.log[2010/01/16 10:20:20 | 000,004,794 | ---- | M] () -- C:\_AUDIT.LOG[2007/01/06 10:38:47 | 000,001,269 | ---- | M] () -- C:\_DICOM.LOG< %systemroot%\Fonts\*.com >[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont< %systemroot%\Fonts\*.dll >< %systemroot%\Fonts\*.ini >[2004/08/19 17:06:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini< %systemroot%\Fonts\*.ini2 >< %systemroot%\Fonts\*.exe >< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[2006/07/31 01:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD7W.DLL[2006/07/31 01:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP7W.DLL[2007/01/30 04:53:40 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbuPP5C(2).DLL[2007/01/30 04:53:40 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbuPP5C(3).DLL[2007/01/30 04:53:40 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbuPP5C.DLL[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll[2008/07/06 06:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe< %systemroot%\REPAIR\*.bak1 >< %systemroot%\REPAIR\*.ini >< %systemroot%\system32\*.jpg >[2007/08/11 08:09:11 | 000,045,811 | ---- | M] () -- C:\WINDOWS\system32\awakening.jpg< %systemroot%\*.jpg >< %systemroot%\*.png >< %systemroot%\*.scr >< %systemroot%\*._sy >< %APPDATA%\Adobe\Update\*.* >< %ALLUSERSPROFILE%\Favorites\*.* >< %APPDATA%\Microsoft\*.* >< %PROGRAMFILES%\*.* >[2002/08/12 12:53:04 | 000,000,052 | ---- | M] () -- C:\Program Files\AUTORUN.INF[2007/08/18 09:18:13 | 002,293,712 | ---- | M] () -- C:\Program Files\FLV PlayerFCSetup.exe[2007/08/18 09:15:42 | 003,655,608 | ---- | M] () -- C:\Program Files\FLV PlayerRCATSetup.exe[2007/08/18 09:14:24 | 000,411,248 | ---- | M] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe[2003/12/03 15:31:20 | 000,001,005 | ---- | M] () -- C:\Program Files\SMDesk.ini[2002/09/27 10:40:58 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Start.exe< %APPDATA%\Update\*.* >< %systemroot%\*. /mp /s >< %systemroot%\System32\config\*.sav >[2004/08/19 16:56:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav[2004/08/19 16:56:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav[2004/08/19 16:56:28 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav< %PROGRAMFILES%\bak. /s >< %systemroot%\system32\bak. /s >< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >[2008/08/02 16:45:43 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini< %systemroot%\system32\config\systemprofile\*.dat /x >< %systemroot%\*.config >< %systemroot%\system32\*.db >< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >[2004/08/19 17:14:12 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini[2004/08/19 17:14:12 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf< %USERPROFILE%\Desktop\*.exe >[2010/09/29 18:06:22 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe[2010/09/29 18:16:57 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CKScanner.exe[2010/09/29 18:14:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe[2010/09/29 18:16:27 | 000,032,653 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LockSearch.exe[2010/09/29 18:18:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe[2010/09/29 18:16:03 | 000,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe[2010/09/29 18:07:13 | 009,458,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe[2010/09/29 18:15:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe[2010/09/29 18:17:30 | 003,514,115 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WVCheck.exe< %PROGRAMFILES%\Common Files\*.* >< %systemroot%\*.src >< %systemroot%\install\*.* >< %systemroot%\system32\DLL\*.* >< %systemroot%\system32\HelpFiles\*.* >< %systemroot%\system32\rundll\*.* >< %systemroot%\winn32\*.* >< %systemroot%\Java\*.* >< %systemroot%\system32\test\*.* >< %systemroot%\system32\Rundll32\*.* >< %systemroot%\AppPatch\Custom\*.* >< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >< %PROGRAMFILES%\Internet Explorer\*.tmp >< %PROGRAMFILES%\Internet Explorer\*.dat >< %USERPROFILE%\My Documents\*.exe >< %USERPROFILE%\*.exe >< %systemroot%\ADDINS\*.* >[2004/08/10 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf< %systemroot%\assembly\*.bak2 >< %systemroot%\Config\*.* >< %systemroot%\REPAIR\*.bak2 >< %systemroot%\SECURITY\Database\*.sdb /x >< %systemroot%\SYSTEM\*.bak2 >< %systemroot%\Web\*.bak2 >< %systemroot%\Driver Cache\*.* >< %PROGRAMFILES%\Mozilla Firefox\0*.exe >< %ProgramFiles%\Microsoft Common\*.* >< %ProgramFiles%\TinyProxy. >< %USERPROFILE%\Favorites\*.url /x >[2004/08/19 17:14:12 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini< %systemroot%\system32\*.bk >< %systemroot%\*.te >< %systemroot%\system32\system32\*.* >< %ALLUSERSPROFILE%\*.dat /x >< %systemroot%\system32\drivers\*.rmv >< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >< dir /b "%systemroot%\*.exe" | find /i " " /c >< %PROGRAMFILES%\Microsoft\*.* >< %systemroot%\System32\Wbem\proquota.exe >< %PROGRAMFILES%\Mozilla Firefox\*.dat >< %USERPROFILE%\Cookies\*.txt /x >[2010/09/30 05:58:12 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat< %SystemRoot%\system32\fonts\*.* >< %systemroot%\system32\winlog\*.* >< %systemroot%\system32\Language\*.* >< %systemroot%\system32\Settings\*.* >< %systemroot%\system32\*.quo >< %SYSTEMROOT%\AppPatch\*.exe >< %SYSTEMROOT%\inf\*.exe >[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe< %SYSTEMROOT%\Installer\*.exe >< %systemroot%\system32\config\*.bak2 >< %systemroot%\system32\Computers\*.* >< %SystemRoot%\system32\Sound\*.* >< %SystemRoot%\system32\SpecialImg\*.* >< %SystemRoot%\system32\code\*.* >< %SystemRoot%\system32\draft\*.* >< %SystemRoot%\system32\MSSSys\*.* >< %ProgramFiles%\Javascript\*.* >< %systemroot%\pchealth\helpctr\System\*.exe /s >< %systemroot%\Web\*.exe >< %systemroot%\system32\msn\*.* >< %systemroot%\system32\*.tro >< %AppData%\Microsoft\Installer\msupdates\*.* >< %ProgramFiles%\Messenger\*.exe >[2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe< %systemroot%\system32\systhem32\*.* >< %systemroot%\system\*.exe >[1999/09/10 08:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe< %USERPROFILE%\Templates\*.tmp >< %SYSTEMDRIVE%\explorexxx.exe\*.* >< %Windir%\Installer\*.tmp >< %systemroot%\System32\*.xco >< %ProgramFiles%\system32\*.* >< %systemroot%\System32\windos\*.* >< %SystemRoot%\system32\sandbox\*.* >< %SystemRoot%\system32\*.amo >< %SystemRoot%\system32\Windows Live\*.* >< %ProgramFiles%\logs\*.* >< %ProgramFiles%\Bifrost\*.* >< %SystemRoot%\system32\*.goo >< %systemroot%\system32\IME\*.* >< %systemroot%\BackUp\*.* >< %systemroot%\system32\*.ico >< %systemroot%\system\*.dat >< %systemroot%\system\*.exe >[1999/09/10 08:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe< %AppData%\Macromedia\Common\*.* >< %SYSTEMDRIVE%\dir\*.* /s >< %systemroot%\system32\ras\*.exe >< %SYSTEMDRIVE%\MFILES\*.* >< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >< %systemroot%\system32\services\*.* >< %systemroot%\Spooler\*.* >< %ProgramFiles%\system32\*.* >< %systemroot%\system32\Setup\*.dll /x >< %systemroot%\system32\*.mine >< %SYSTEMDRIVE%\cleansweep.exe\*.* >< %systemroot%\system32\ras\*.dll >< %systemroot%\system32\ras\*.drv >< %systemroot%\*.iq >< %systemroot%\system32\XP\*.* >< %SYSTEMDRIVE%\Extracted\*.* >< %systemroot%\system32\windows\*.* >< %systemroot%\logs\*.* >< %SYSTEMDRIVE%\Win.Msi\*.* >< %systemroot%\regedit\*.* >< %systemroot%\system32\skype\*.* >< %AppData%\Adobe\dlluplwin25\*.* >< %UserProfile%\*.dat >[2010/09/29 19:50:15 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat< %UserProfile%\*.dll >< %systemroot%\system32\*.sxo >< %SYSTEMDRIVE%\Gazma\*.* /s >< %systemroot%\system32\spynet\*.* >< %systemroot%\system32\System\*.* >< %appdata%\Microsoft\Windows\*.* >< %systemroot%\system32\WinDir\*.* >< %systemroot%\_\*.* >< %systemroot%\system32\windows32\*.* >< %ProgramFiles%\win\*.* >< %AppData%\Microsoft\CD Burning\*.* >< %systemroot%\*.cab >< %systemroot%\K.Backup\*.* >< %ProgramFiles%\Massenger\*.* >< %systemroot%\System32\*.doc >< %systemroot%\Office12\*.* >< %systemroot%\System32\Rundl32.exe\*.* >< %ProgramFiles%\yahoo.net\*.* >< %systemroot%\system32\*.igo >< %systemroot%\*.rew >< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >[2006/07/31 01:00:00 | 000,006,144 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CNMSE7W.EXE[2007/02/28 18:38:20 | 000,214,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbujswx.exe[2007/02/28 18:38:24 | 000,189,936 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbupswx.exe[2007/02/28 18:38:26 | 000,062,960 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbuserv.exe[2007/02/28 18:38:28 | 000,058,864 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbutime.exe[2007/02/28 18:38:30 | 000,058,864 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbuupld.exe[2007/02/28 18:38:32 | 000,058,864 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlbuview.exe< %USERPROFILE%\.COMMgr\*.* >< %USERPROFILE%\Desktop\*.bat >< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >[2010/05/30 12:13:34 | 000,043,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Annabelle.rpv[2010/05/30 12:13:34 | 000,080,384 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\CosmicBelt.rpv[2010/05/30 12:13:34 | 000,007,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\Fire.rpv[2010/05/30 12:13:34 | 000,007,680 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Visualizations\FreqBands.rpv[2010/05/30 12:13:35 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Real\Visualizations\Nebula.rpv< %PROGRAMFILES%\Internet Explorer\*.Jmp >< %PROGRAMFILES%\Windows NT\system\*.dll >< %systemroot%\system32\*.ext >< %systemroot%\system32\Com\*.cfg >< %systemroot%\system32\btz\*.* >< %systemroot%\system32\EMP\*.* >< %systemroot%\system32\expo\*.* >< %systemroot%\system32\inet2\*.* >< %systemroot%\system32\xrem\*.* >< %ProgramFiles%\Microsoft\*.* >< %systemroot%\usgwmt\*.* >< %ProgramFiles%\B\*.* >< %SYSTEMDRIVE%\lspp\*.* >< %systemroot%\Kral\*.* >< %SYSTEMDRIVE%\windowsdvd.exe\*.* >< %systemroot%\system32\*.ipo >< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >< %systemroot%\system32\*.mof >< %systemroot%\*.atm >< %systemroot%\system32\svhost\*.* >< %ProgramFiles%\system32\*.* >< %ProgramFiles%\Docmentt\*.* >< %systemroot%\Help\*.vbs >< %ProgramFiles%\Windows WinSxs\*.* /s >< %ProgramFiles%\Outlook Express\IDT\*.* /s >< %ProgramFiles%\Microsoft Office\365\*.* /s >< %ProgramFiles%\Windows Live\*.* >< %systemroot%\system32\win32\*.* >< %SYSTEMDRIVE%\RECYCLER\*.* >< %systemroot%\Fresh1\*.* >< %ProgramFiles%\Kekj\*.* /s >< %systemroot%\GDU\*.* >< %systemroot%\KA\*.* >< %systemroot%\R\*.* >< %systemroot%\system32\*.fyo >< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >< End of report >#########################################################OTL Extras logfile created on: 9/30/2010 5:59:14 AM - Run 1OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\DesktopWindows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free7.00 Gb Paging File | 7.00 Gb Available in Paging File | 98.00% Paging File freePaging file location(s): C:\pagefile.sys 5373 7373 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 228.13 Gb Total Space | 113.08 Gb Free Space | 49.57% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: CINCHEETAHCurrent User Name: AdministratorLogged in as Administrator.Current Boot Mode: SafeMode with NetworkingScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Minimal========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DoNotAllowExceptions" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"62515:UDP" = 62515:UDP:*:Enabled:Cisco VPN Serivice"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)"C:\Old Data\Program Files\Macromedia\Flash MX\Flash.exe" = C:\Old Data\Program Files\Macromedia\Flash MX\Flash.exe:*:Enabled:Flash 6.0 r25 -- (Macromedia, Inc.)"C:\Old Data\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Old Data\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)"C:\Old Data\Program Files\WS_FTP\WS_FTP95.exe" = C:\Old Data\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 10 Maguire Road. Lexington, MA 02421)"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)"C:\Old Data\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Old Data\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX -- (Macromedia Inc.)"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()"C:\Program Files\Parallels\Parallels Transporter\ParallelsTransporter.exe" = C:\Program Files\Parallels\Parallels Transporter\ParallelsTransporter.exe:*:Enabled:Parallels Transporter -- File not found"C:\Program Files\Parallels\Parallels Transporter Agent\ParallelsTransporterAgent.exe" = C:\Program Files\Parallels\Parallels Transporter Agent\ParallelsTransporterAgent.exe:*:Enabled:Parallels Transporter Agent -- File not found"C:\WINDOWS\system32\dlbucoms.exe" = C:\WINDOWS\system32\dlbucoms.exe:*:Enabled:Photo AIO Printer 942 Server -- ( )"C:\Program Files\Parallels\Parallels Transporter\Parallels Transporter\ParallelsTransporter.exe" = C:\Program Files\Parallels\Parallels Transporter\Parallels Transporter\ParallelsTransporter.exe:*:Enabled:ParallelsTransporter -- ()"C:\Program Files\Parallels\Parallels Transporter\Parallels Transporter Agent\ParallelsTransporterAgent.exe" = C:\Program Files\Parallels\Parallels Transporter\Parallels Transporter Agent\ParallelsTransporterAgent.exe:*:Enabled:ParallelsTransporterAgent -- ()"C:\Program Files\Verizon\FiOS\ihs\web100clt.exe" = C:\Program Files\Verizon\FiOS\ihs\web100clt.exe:*:Disabled:web100clt -- File not found"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found"C:\Program Files\Replay AV 8\Replay Player\Replay Player.exe" = C:\Program Files\Replay AV 8\Replay Player\Replay Player.exe:*:Enabled:Replay Player -- ()"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:realplay -- (RealNetworks, Inc.)"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)"C:\Program Files\iolo\System Mechanic Professional\SysMech.exe" = C:\Program Files\iolo\System Mechanic Professional\SysMech.exe:*:Enabled:iolo System Shield® -- ()========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700" = Canon iP1700"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA"{13768624-13E9-4A9D-BF5B-6DB72FFFD954}" = Eudora"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE"{232EF9A7-CCB1-416E-BC15-E6AA5D17F434}" = AmpliTube LE"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 21"{2746B4DE-A2EE-4B33-A7CE-B33BAD5EF6FE}" = Vz In Home Agent"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections"{3884FCC0-9E16-423B-959A-FD77DD2F39E6}" = GuitarVision"{39A908FD-7322-41AE-B374-C7A076B2FC97}" = Memeo AutoBackup"{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}" = YouSendIt Application Plug-in SDK"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7"{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}" = SanDisk TransferMate"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition"{82E63B84-5A8B-4839-A6E1-B326CC31CD33}" = Parallels Transporter"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders"{A26FA58F-0AD6-4F9C-A134-FE2CFB2EAE97}" = McAfee Anti-Theft"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant"{E901C3E0-E37C-4645-9906-718C3A5FE59F}" = SnapAPI"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.5"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD"{FD29EB58-CF8D-4BE9-9AE8-8EE4FEF6D2E0}" = Memeo AutoSync"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic"1st Page 2000 2.00 Free" = 1st Page 2000 2.00 Free"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"ADS Tech V3.5 DVD Xpress CapWiz" = ADS Tech V3.5 DVD Xpress CapWiz"America Online us" = America Online (Choose which version to remove)"Anfy" = Anfy"AOL Connectivity Services" = AOL Connectivity Services"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)"ATI Display Driver" = ATI Display Driver"Audacity_is1" = Audacity 1.2.6"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19"AVS Video Tools 5_is1" = AVS Video Tools 5.6"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto"bitRipper" = bitRipper"CAL" = Canon Camera Access Library"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder"Canon iP1700 User Registration" = Canon iP1700 User Registration"CanonMyPrinter" = Canon My Printer"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)"CCleaner" = CCleaner"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem"CopyToDVD_is1" = CopyToDVD"Crystal Button 2008 InMotion! Pack_is1" = Crystal Button 2008 InMotion! (v.3.2)"CSCLIB" = Canon Camera Support Core Library"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver"DVD43_is1" = DVD43 v3.9.0"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint"Easy-WebPrint" = Easy-WebPrint"EOS Utility" = Canon Utilities EOS Utility"ERUNT_is1" = ERUNT 1.1j"ESCD_6.0" = Enhanced Sound Card Driver 8.0"FadeToBlack" = FadeToBlack"Flash News Scroller Wizard" = Flash News Scroller Wizard 1.7"FLV Player1.33 FC" = FLV Player"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.3"Freecorder Toolbar3.03" = Freecorder Toolbar 3.03 Application"Freecorder_3 Toolbar" = Freecorder_3 Toolbar"GuitarPort 2.51.0" = GuitarPort 2.51.0 (Remove Only)"HijackThis" = HijackThis 2.0.2"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs"ie7" = Windows Internet Explorer 7"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23"InstallShield_{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}" = YouSendIt Application Plug-in SDK"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23"IObit Security 360_is1" = IObit Security 360"Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch" = Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch"LG USB Drivers" = LG USB Drivers"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"MediaCoder" = MediaCoder 0.6.1"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs"PhotoStitch" = Canon Utilities PhotoStitch"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11"Radio_Wizard_1" = Radio Wizard 1.0"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX"RealPlayer 12.0" = RealPlayer"RealVNC_is1" = VNC Free Edition 4.1.2"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX"Replay Media Catcher 3.0" = Replay Media Catcher 3.0"Replay Media Catcher2.10" = Replay Media Catcher"Replay_AV_807" = Replay AV 8"Replay_Converter_1" = Replay Converter 2.8"Replay_Media_Splitter_1.2" = Replay Media Splitter 1.4"Replay_Screencast_1.0" = Replay Screencast 1.21"RER Video Converter_is1" = RER Video Converter"RiffWorks Standard" = RiffWorks Standard"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009"Uninstall_is1" = Uninstall 1.0.0.1"Verizon Help and Support" = Verizon Help and Support Tool"ViewpointMediaPlayer" = Viewpoint Media Player"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell"WETCable" = Windows Easy Transfer"Windows Media Encoder 9" = Windows Media Encoder 9 Series"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"Windows XP Service Pack" = Windows XP Service Pack 3"winusb0100" = Microsoft WinUsb 1.0"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0"Yahoo! Companion" = Yahoo! Toolbar"Yahoo! Software Update" = Yahoo! Software Update"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX========== Last 10 Event Log Errors ==========[ Application Events ]Error - 9/30/2010 5:44:54 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.Error - 9/30/2010 5:44:54 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.Error - 9/30/2010 5:44:54 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.Error - 9/30/2010 5:46:43 AM | Computer Name = CINCHEETAH | Source = Application Error | ID = 1000Description = Faulting application dlbubmon.exe, version 1.0.10.0, faulting module hid.dll, version 5.1.2600.5512, fault address 0x00001ab4.Error - 9/30/2010 5:47:47 AM | Computer Name = CINCHEETAH | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally Error - 9/30/2010 5:47:47 AM | Computer Name = CINCHEETAH | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. Error - 9/30/2010 5:55:45 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.Error - 9/30/2010 5:55:45 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.Error - 9/30/2010 5:55:45 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.Error - 9/30/2010 5:55:45 AM | Computer Name = CINCHEETAH | Source = Userenv | ID = 1041Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.[ iolo Applications Events ]Error - 9/23/2010 3:16:16 PM | Computer Name = CINCHEETAH | Source = System Shield | ID = 17Description = [ System Events ]Error - 9/30/2010 5:47:52 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005Description = DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}Error - 9/30/2010 5:48:36 AM | Computer Name = CINCHEETAH | Source = Windows Update Agent | ID = 16Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.Error - 9/30/2010 5:48:58 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005Description = DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}Error - 9/30/2010 5:48:58 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005Description = DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}Error - 9/30/2010 5:48:58 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005Description = DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}Error - 9/30/2010 5:54:24 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005Description = DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}Error - 9/30/2010 5:56:04 AM | Computer Name = CINCHEETAH | Source = DCOM | ID = 10005Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}Error - 9/30/2010 5:57:11 AM | Computer Name = CINCHEETAH | Source = Service Control Manager | ID = 7001Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: %%1058Error - 9/30/2010 5:57:11 AM | Computer Name = CINCHEETAH | Source = Service Control Manager | ID = 7001Description = The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: %%1058Error - 9/30/2010 5:57:11 AM | Computer Name = CINCHEETAH | Source = Service Control Manager | ID = 7026Description = The following boot-start or system-start driver(s) failed to load: FileDisk Fips intelppm< End of report > Quote Link to post Share on other sites
Cincheetah Posted October 1, 2010 Author Report Share Posted October 1, 2010 Since I use my computer for work - I read through a few threads to see if I could get some fixes on my own - you guys are a wealth of knowledge! I've made a little progress (the hijacking seems to have ceased) - however it appears the registry has a few problems. I'll post 2 GMER report after combo fix log/TDSSKiller logs.I did run combo fix (as I saw this on another thread) - and TDSSKiller afterwards which did find something (I assume that is what was causing the highjacks)ComboFix 10-09-30.03 - Administrator 10/01/2010 10:37:34.1.2 - x86 NETWORKMicrosoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3297 [GMT -4:00]Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exeAV: System Shield *On-access scanning enabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.datc:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.datc:\program files\autorun.infc:\windows\settings.regc:\windows\system32\Data----- BITS: Possible infected sites -----hxxp://download.iolo.net.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_6TO4-------\Legacy_NPF((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 ))))))))))))))))))))))))))))))).2010-09-29 23:36 . 2010-09-29 23:36 -------- d-----w- C:\Rooter$2010-09-29 22:42 . 2010-09-29 22:43 -------- d-----w- c:\program files\ERUNT2010-09-29 21:31 . 2010-09-29 21:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2010-09-29 20:57 . 2010-09-29 20:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo2010-09-29 00:01 . 2010-09-29 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit2010-09-29 00:01 . 2010-09-29 00:01 -------- d-----w- c:\program files\IObit2010-09-28 23:31 . 2010-09-28 23:31 -------- d-----w- c:\program files\Trend Micro2010-09-28 23:30 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll2010-09-28 23:30 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll2010-09-28 23:30 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll2010-09-28 23:30 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll2010-09-28 23:30 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll2010-09-28 23:30 . 2010-09-28 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software2010-09-28 22:26 . 2010-09-28 22:26 -------- d-----w- c:\windows\system32\vmm322010-09-28 22:26 . 2010-09-28 22:26 -------- d-----w- c:\program files\CCleaner2010-09-27 21:30 . 2010-09-28 22:26 -------- d-----w- c:\program files\Spybot - Search & Destroy2010-09-27 21:30 . 2010-09-28 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy2010-09-22 22:06 . 2010-09-28 22:26 -------- d-----w- c:\program files\Common Files\Motive2010-09-18 22:16 . 2010-09-18 22:16 -------- d-----w- c:\program files\Common Files\Authentium2010-09-18 22:16 . 2009-11-11 23:46 118784 ----a-w- c:\windows\system32\iavlsp.dll2010-09-18 22:16 . 2010-07-06 19:44 94384 ----a-w- c:\windows\system32\IncContxMenu.dll2010-09-18 22:16 . 2010-07-06 19:44 2319536 ----a-w- c:\windows\system32\Incinerator.dll2010-09-18 22:16 . 2010-06-29 22:30 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys2010-09-18 22:16 . 2010-09-07 13:37 41957480 ----a-w- c:\documents and settings\All Users\Application Data\iolo\System Shield\smsysshieldinstaller.exe2010-09-18 22:16 . 2010-02-03 14:21 12288 ----a-w- c:\windows\system32\smrgdf.exe2010-09-18 22:16 . 2010-02-03 14:21 30208 ----a-w- c:\windows\system32\iolobtdfg.exe2010-09-18 22:16 . 2010-09-18 22:16 -------- d-----w- c:\program files\iolo2010-09-18 22:13 . 2010-09-18 22:13 74703 ----a-w- c:\windows\system32\mfc45.dll2010-09-18 22:13 . 2010-09-18 22:13 -------- d-----w- C:\iolo2010-09-18 21:50 . 2010-09-18 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo2010-09-18 17:56 . 2010-09-18 17:56 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM2010-09-18 17:55 . 2010-09-18 17:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe2010-09-18 13:21 . 2010-09-18 13:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe2010-09-18 13:10 . 2010-09-18 13:10 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe2010-09-18 12:51 . 2010-09-18 13:12 -------- d-----w- c:\program files\iTunes2010-09-18 12:51 . 2010-09-18 12:51 -------- d-----w- c:\program files\iTunes(2)2010-09-16 22:47 . 2010-09-16 22:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-10-01 13:41 . 2007-09-05 12:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat2010-09-28 22:26 . 2009-10-04 23:18 -------- d-----w- c:\program files\Verizon2010-09-24 00:11 . 2008-05-01 23:58 -------- d-----w- c:\program files\dl_Cats2010-09-22 23:11 . 2005-09-08 11:53 -------- d-----w- c:\program files\Dell2010-09-22 22:17 . 2009-07-11 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive2010-09-21 21:56 . 2009-11-28 15:26 -------- d-----w- c:\program files\Common Files\McAfee2010-09-21 21:53 . 2006-04-21 10:48 -------- d-----w- c:\program files\Lavasoft2010-09-21 21:40 . 2009-10-03 12:03 -------- d-----w- c:\program files\Uniblue2010-09-21 13:42 . 2008-12-27 16:26 -------- d-----w- c:\program files\DoremiSoft2010-09-21 13:39 . 2009-03-02 14:28 -------- d-----w- c:\program files\SpreadsheetConverter2010-09-21 13:39 . 2008-12-26 16:20 -------- d-----w- c:\program files\Show.kit 2.12010-09-21 13:38 . 2008-08-16 11:12 -------- d-----w- c:\program files\Flash Website Design2010-09-21 13:37 . 2008-10-12 13:12 -------- d-----w- c:\program files\AnvSoft Flash to Video Converter2010-09-18 21:48 . 2005-10-13 21:43 -------- d-----w- c:\program files\Google2010-09-18 13:22 . 2008-07-16 20:58 -------- d-----w- c:\program files\Safari2010-09-18 13:16 . 2009-12-16 23:11 -------- d-----w- c:\program files\QuickTime2010-09-18 13:11 . 2007-07-10 00:35 -------- d-----w- c:\program files\Common Files\Apple2010-09-18 12:51 . 2005-10-03 15:42 -------- d-----w- c:\program files\iPod2010-09-07 21:31 . 2008-08-09 15:17 -------- d-----w- c:\program files\Microsoft Silverlight2010-08-21 14:53 . 2010-08-21 14:53 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe2010-08-21 14:52 . 2010-08-21 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2010-08-21 14:37 . 2010-08-21 14:37 -------- d-----w- c:\program files\Bonjour2010-08-21 14:31 . 2010-08-21 14:31 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe2010-08-17 13:17 . 2004-08-19 20:49 58880 ----a-w- c:\windows\system32\spoolsv.exe2010-07-22 15:49 . 2004-08-19 20:49 590848 ----a-w- c:\windows\system32\rpcrt4.dll2010-07-22 05:57 . 2009-04-15 10:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll2010-07-17 09:00 . 2010-08-02 09:08 423656 ----a-w- c:\windows\system32\deployJava1.dll2007-08-18 13:18 . 2007-08-18 13:18 2293712 ----a-w- c:\program files\FLV PlayerFCSetup.exe2007-08-18 13:15 . 2007-08-18 13:15 3655608 ----a-w- c:\program files\FLV PlayerRCATSetup.exe2007-08-18 13:14 . 2007-08-18 13:14 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe2003-12-03 19:31 . 2003-12-03 19:31 1005 ----a-w- c:\program files\SMDesk.ini2002-09-27 14:40 . 2002-09-27 14:40 69632 ----a-w- c:\program files\Start.exe2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5d332f5-f6c8-4845-bd6c-937838ba907f}]2010-09-05 17:18 2735200 ----a-w- c:\program files\Freecorder_3\tbFre1.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{c5d332f5-f6c8-4845-bd6c-937838ba907f}"= "c:\program files\Freecorder_3\tbFre1.dll" [2010-09-05 2735200][HKEY_CLASSES_ROOT\clsid\{c5d332f5-f6c8-4845-bd6c-937838ba907f}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]"P17Helper"="P17.dll" [2005-05-03 64512]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-30 202256]"DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2007-02-12 73728]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-9-1 114688]VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-1-25 6144][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ \0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@=""[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^Cin^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Cin^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartupHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]2006-05-22 18:26 694272 ----a-w- c:\program files\dvd43\DVD43_Tray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]2004-08-09 09:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]2004-08-09 09:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]2008-01-01 14:03 36864 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McPvTray]2008-05-28 14:33 655360 ----a-w- c:\program files\McAfee\Anti-Theft\McPvTray.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Old Data\\Program Files\\Macromedia\\Flash MX\\Flash.exe"="c:\\Old Data\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"="c:\\Old Data\\Program Files\\WS_FTP\\WS_FTP95.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\WINDOWS\\system32\\fxsclnt.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Old Data\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"="c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="c:\\WINDOWS\\system32\\dlbucoms.exe"="c:\\Program Files\\Parallels\\Parallels Transporter\\Parallels Transporter\\ParallelsTransporter.exe"="c:\\Program Files\\Parallels\\Parallels Transporter\\Parallels Transporter Agent\\ParallelsTransporterAgent.exe"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="c:\\Program Files\\Replay AV 8\\Replay Player\\Replay Player.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\iolo\\System Mechanic Professional\\SysMech.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009"62515:UDP"= 62515:UDP:Cisco VPN SeriviceR0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [5/28/2008 10:32 AM 61688]S2 AMP;AMP;c:\windows\system32\drivers\amp.sys [1/19/2010 6:53 PM 127016]S2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [1/19/2010 6:53 PM 1118248]S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/18/2010 6:16 PM 711352]S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [9/18/2010 6:16 PM 711352]S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9/28/2010 8:01 PM 312152]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/28/2009 11:28 AM 93320]S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [1/19/2010 6:46 PM 121384]S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [1/19/2010 6:46 PM 117288]S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [12/9/2005 8:06 PM 393216]S3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [7/15/2002 11:39 PM 26496]S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [1/19/2010 6:46 PM 158248][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]2010-05-04 17:20 124928 ----a-w- c:\windows\system32\advpack.dll.Contents of the 'Scheduled Tasks' folder2010-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]2010-10-01 c:\windows\Tasks\User_Feed_Synchronization-{9126A126-9FBD-4754-B7F4-B9FC53C8E989}.job- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]..------- Supplementary Scan -------.uStart Page = hxxp://www.dell4me.com/mywayuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000LSP: c:\windows\system32\iavlsp.dllHandler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllFF - ProfilePath - FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\..------- File Associations -------.JSEFile=NOTEPAD.EXE %1.- - - - ORPHANS REMOVED - - - -Toolbar-Locked - (no file)ActiveSetup-{FDC32A47-A70D-4F9E-97DD-7E08EA9C6BF8} - c:\documents and settings\Cin\Application Data\Bitrix Security\fadosvlk.dllAddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-10-01 10:58Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0"[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(1028)c:\windows\system32\WININET.dllc:\windows\system32\l3codeca.acmc:\windows\system32\scg726.acmc:\windows\system32\alf2cd.acmc:\windows\system32\AC3ACM.acm- - - - - - - > 'lsass.exe'(1088)c:\windows\system32\WININET.dll- - - - - - - > 'explorer.exe'(1444)c:\windows\system32\WININET.dllc:\windows\system32\iavlsp.dllc:\windows\system32\ieframe.dll.Completion time: 2010-10-01 11:01:00 - machine was rebootedComboFix-quarantined-files.txt 2010-10-01 15:00Pre-Run: 121,264,717,824 bytes freePost-Run: 121,148,014,592 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect- - End Of File - - 190ADA934C68BC9D018B44EFEFA76D8D####################################################################################2010/10/01 11:07:14.0843 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:542010/10/01 11:07:14.0843 ================================================================================2010/10/01 11:07:14.0843 SystemInfo:2010/10/01 11:07:14.0843 2010/10/01 11:07:14.0843 OS Version: 5.1.2600 ServicePack: 3.02010/10/01 11:07:14.0843 Product type: Workstation2010/10/01 11:07:14.0843 ComputerName: CINCHEETAH2010/10/01 11:07:14.0843 UserName: Administrator2010/10/01 11:07:14.0843 Windows directory: C:\WINDOWS2010/10/01 11:07:14.0843 System windows directory: C:\WINDOWS2010/10/01 11:07:14.0843 Processor architecture: Intel x862010/10/01 11:07:14.0843 Number of processors: 22010/10/01 11:07:14.0843 Page size: 0x10002010/10/01 11:07:14.0843 Boot type: Safe boot with network2010/10/01 11:07:14.0843 ================================================================================2010/10/01 11:07:15.0125 Initialize success2010/10/01 11:07:21.0500 ================================================================================2010/10/01 11:07:21.0500 Scan started2010/10/01 11:07:21.0500 Mode: Manual;2010/10/01 11:07:21.0500 ================================================================================2010/10/01 11:07:24.0468 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS2010/10/01 11:07:24.0625 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys2010/10/01 11:07:24.0687 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys2010/10/01 11:07:24.0718 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys2010/10/01 11:07:24.0796 ADSEXPB (d08916e4579f64af0844ca2c283573a6) C:\WINDOWS\system32\Drivers\adsexpb.sys2010/10/01 11:07:24.0875 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys2010/10/01 11:07:24.0968 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys2010/10/01 11:07:25.0062 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys2010/10/01 11:07:25.0093 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys2010/10/01 11:07:25.0125 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys2010/10/01 11:07:25.0171 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys2010/10/01 11:07:25.0218 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys2010/10/01 11:07:25.0312 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys2010/10/01 11:07:25.0375 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys2010/10/01 11:07:25.0421 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys2010/10/01 11:07:25.0546 AMP (182806937f4af5cc0f3c65b4d68b051e) C:\WINDOWS\system32\DRIVERS\amp.sys2010/10/01 11:07:25.0640 AMPSE (b95101fbceb2ae4873e3bc38460f5568) C:\WINDOWS\system32\DRIVERS\ampse.sys2010/10/01 11:07:25.0718 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys2010/10/01 11:07:25.0812 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys2010/10/01 11:07:25.0875 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys2010/10/01 11:07:25.0921 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys2010/10/01 11:07:25.0968 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys2010/10/01 11:07:26.0093 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys2010/10/01 11:07:26.0234 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys2010/10/01 11:07:26.0421 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys2010/10/01 11:07:26.0625 ati2mtag (b8142104502f794689c1c0bcbfb53b98) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys2010/10/01 11:07:26.0859 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys2010/10/01 11:07:26.0984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys2010/10/01 11:07:27.0062 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys2010/10/01 11:07:27.0296 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys2010/10/01 11:07:27.0328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys2010/10/01 11:07:27.0390 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys2010/10/01 11:07:27.0437 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys2010/10/01 11:07:27.0531 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys2010/10/01 11:07:27.0625 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys2010/10/01 11:07:27.0765 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys2010/10/01 11:07:27.0859 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys2010/10/01 11:07:27.0953 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys2010/10/01 11:07:28.0031 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys2010/10/01 11:07:28.0125 CVPNDRVA (26deef07394624247d1f549bd94f0b15) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys2010/10/01 11:07:28.0234 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys2010/10/01 11:07:28.0375 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys2010/10/01 11:07:28.0484 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys2010/10/01 11:07:28.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys2010/10/01 11:07:28.0703 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys2010/10/01 11:07:28.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys2010/10/01 11:07:28.0781 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys2010/10/01 11:07:28.0859 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys2010/10/01 11:07:28.0906 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys2010/10/01 11:07:28.0968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys2010/10/01 11:07:29.0031 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys2010/10/01 11:07:29.0109 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys2010/10/01 11:07:29.0234 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys2010/10/01 11:07:29.0265 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys2010/10/01 11:07:29.0328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys2010/10/01 11:07:29.0359 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys2010/10/01 11:07:29.0421 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys2010/10/01 11:07:29.0453 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys2010/10/01 11:07:29.0515 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys2010/10/01 11:07:29.0609 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys2010/10/01 11:07:29.0671 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys2010/10/01 11:07:29.0750 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys2010/10/01 11:07:29.0875 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys2010/10/01 11:07:29.0984 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys2010/10/01 11:07:30.0093 GPWADrv (7c7da88e6d3b3fac62bbffc4d938d0c7) C:\WINDOWS\system32\Drivers\GPWADrv.sys2010/10/01 11:07:30.0171 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys2010/10/01 11:07:30.0218 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys2010/10/01 11:07:30.0281 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys2010/10/01 11:07:30.0343 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys2010/10/01 11:07:30.0453 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys2010/10/01 11:07:30.0515 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys2010/10/01 11:07:30.0562 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys2010/10/01 11:07:30.0640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys2010/10/01 11:07:30.0750 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys2010/10/01 11:07:30.0984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys2010/10/01 11:07:31.0062 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys2010/10/01 11:07:31.0125 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys2010/10/01 11:07:31.0171 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys2010/10/01 11:07:31.0218 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys2010/10/01 11:07:31.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys2010/10/01 11:07:31.0296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys2010/10/01 11:07:31.0343 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys2010/10/01 11:07:31.0390 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys2010/10/01 11:07:31.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys2010/10/01 11:07:31.0546 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys2010/10/01 11:07:31.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys2010/10/01 11:07:31.0609 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys2010/10/01 11:07:31.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys2010/10/01 11:07:31.0765 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys2010/10/01 11:07:31.0828 L6DP (4b0dc386061dc7276eafb24cff641ded) C:\WINDOWS\system32\Drivers\l6dp.sys2010/10/01 11:07:31.0937 McPvDrv (436966e5f96ea810a8a80a5fb41b63ad) C:\WINDOWS\system32\drivers\McPvDrv.sys2010/10/01 11:07:32.0000 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys2010/10/01 11:07:32.0062 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys2010/10/01 11:07:32.0078 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys2010/10/01 11:07:32.0140 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys2010/10/01 11:07:32.0171 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys2010/10/01 11:07:32.0234 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys2010/10/01 11:07:32.0296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys2010/10/01 11:07:32.0484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys2010/10/01 11:07:32.0562 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys2010/10/01 11:07:32.0703 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS2010/10/01 11:07:32.0828 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS2010/10/01 11:07:32.0906 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys2010/10/01 11:07:33.0031 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys2010/10/01 11:07:33.0125 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys2010/10/01 11:07:33.0218 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys2010/10/01 11:07:33.0265 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys2010/10/01 11:07:33.0312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys2010/10/01 11:07:33.0390 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys2010/10/01 11:07:33.0468 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys2010/10/01 11:07:33.0546 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys2010/10/01 11:07:33.0718 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys2010/10/01 11:07:33.0765 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys2010/10/01 11:07:33.0812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys2010/10/01 11:07:33.0875 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys2010/10/01 11:07:33.0968 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys2010/10/01 11:07:34.0062 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys2010/10/01 11:07:34.0218 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys2010/10/01 11:07:34.0265 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys2010/10/01 11:07:34.0328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys2010/10/01 11:07:34.0375 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys2010/10/01 11:07:34.0625 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys2010/10/01 11:07:34.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys2010/10/01 11:07:34.0875 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys2010/10/01 11:07:35.0015 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys2010/10/01 11:07:35.0265 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys2010/10/01 11:07:35.0343 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys2010/10/01 11:07:35.0609 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys2010/10/01 11:07:35.0859 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys2010/10/01 11:07:35.0921 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys2010/10/01 11:07:36.0000 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys2010/10/01 11:07:36.0125 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys2010/10/01 11:07:36.0203 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys2010/10/01 11:07:36.0281 Pcouffin (5b68c60b01dac03d895ec1ca0a0365da) C:\WINDOWS\system32\Drivers\Pcouffin.sys2010/10/01 11:07:36.0500 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys2010/10/01 11:07:36.0546 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys2010/10/01 11:07:36.0656 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys2010/10/01 11:07:36.0750 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys2010/10/01 11:07:36.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys2010/10/01 11:07:36.0843 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys2010/10/01 11:07:36.0906 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys2010/10/01 11:07:36.0953 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys2010/10/01 11:07:36.0984 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys2010/10/01 11:07:37.0031 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys2010/10/01 11:07:37.0078 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys2010/10/01 11:07:37.0109 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys2010/10/01 11:07:37.0156 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys2010/10/01 11:07:37.0250 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys2010/10/01 11:07:37.0312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys2010/10/01 11:07:37.0343 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys2010/10/01 11:07:37.0437 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys2010/10/01 11:07:37.0593 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys2010/10/01 11:07:37.0703 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys2010/10/01 11:07:37.0750 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys2010/10/01 11:07:37.0859 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys2010/10/01 11:07:38.0046 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys2010/10/01 11:07:38.0156 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys2010/10/01 11:07:38.0203 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys2010/10/01 11:07:38.0312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys2010/10/01 11:07:38.0468 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys2010/10/01 11:07:38.0515 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys2010/10/01 11:07:38.0578 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys2010/10/01 11:07:38.0687 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys2010/10/01 11:07:38.0765 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys2010/10/01 11:07:38.0843 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys2010/10/01 11:07:38.0906 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys2010/10/01 11:07:38.0953 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys2010/10/01 11:07:39.0015 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys2010/10/01 11:07:39.0109 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys2010/10/01 11:07:39.0140 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys2010/10/01 11:07:39.0296 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys2010/10/01 11:07:39.0375 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys2010/10/01 11:07:39.0437 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys2010/10/01 11:07:39.0593 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys2010/10/01 11:07:39.0656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys2010/10/01 11:07:39.0703 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys2010/10/01 11:07:39.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys2010/10/01 11:07:39.0875 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys2010/10/01 11:07:39.0953 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys2010/10/01 11:07:39.0984 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys2010/10/01 11:07:40.0046 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys2010/10/01 11:07:40.0078 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys2010/10/01 11:07:40.0125 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys2010/10/01 11:07:40.0156 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys2010/10/01 11:07:40.0203 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys2010/10/01 11:07:40.0250 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys2010/10/01 11:07:40.0343 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys2010/10/01 11:07:40.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys2010/10/01 11:07:40.0468 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys2010/10/01 11:07:40.0546 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys2010/10/01 11:07:40.0687 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys2010/10/01 11:07:40.0765 usbbus (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys2010/10/01 11:07:40.0828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2010/10/01 11:07:40.0906 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys2010/10/01 11:07:41.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys2010/10/01 11:07:41.0125 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys2010/10/01 11:07:41.0171 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys2010/10/01 11:07:41.0234 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys2010/10/01 11:07:41.0281 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys2010/10/01 11:07:41.0312 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2010/10/01 11:07:41.0375 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2010/10/01 11:07:41.0437 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2010/10/01 11:07:41.0500 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys2010/10/01 11:07:41.0546 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys2010/10/01 11:07:41.0640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys2010/10/01 11:07:41.0734 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys2010/10/01 11:07:41.0906 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys2010/10/01 11:07:41.0984 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys2010/10/01 11:07:42.0078 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys2010/10/01 11:07:42.0203 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys2010/10/01 11:07:42.0296 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys2010/10/01 11:07:42.0531 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.SYS2010/10/01 11:07:42.0687 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys2010/10/01 11:07:42.0765 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys2010/10/01 11:07:42.0859 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys2010/10/01 11:07:43.0031 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys2010/10/01 11:07:43.0171 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)2010/10/01 11:07:43.0187 ================================================================================2010/10/01 11:07:43.0187 Scan finished2010/10/01 11:07:43.0187 ================================================================================2010/10/01 11:07:43.0234 Detected object count: 12010/10/01 11:07:55.0343 \HardDisk0\MBR - will be cured after reboot2010/10/01 11:07:55.0343 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure2010/10/01 11:07:59.0734 Deinitialize success###################################################################################GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-10-01 11:39:59Windows 5.1.2600 Service Pack 3Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwloqkob.sys---- Registry - GMER 1.0.15 ----Reg HKLM\SOFTWARE\Classes\CLSID\{0588C38B-B085-80CE-5708-161854F73ED1}\InprocServer32@ C:\Program Files\Windows Media Components\Encoder\wmex.dllReg HKLM\SOFTWARE\Classes\CLSID\{0588C38B-B085-80CE-5708-161854F73ED1}\InprocServer32@ThreadingModel ApartmentReg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\WINDOWS\system32\sysmon.ocxReg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel ApartmentReg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352} Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ C:\WINDOWS\system32\msvidctl.dllReg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel BothReg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\ProgID@ BDATuner.ChannelTuneRequest.1Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\TypeLib@ {9B085638-018E-11D3-9D8E-00C04F72D980}Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\VersionIndependentProgID@ BDATuner.ChannelTuneRequest---- EOF - GMER 1.0.15 ---- Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.