Remove cdrom.sys Trojan.Patched

View previous topic View next topic Go down

Remove cdrom.sys Trojan.Patched

Post by blainegray on Mon Jul 12, 2010 1:31 am

Greetings.
I found a trojan I cannot get rid of. I noticed it when I found the windows sounds were not working and finally ran sfc /scannow. When sfc got to the cdrom.sys, the notice about Trojan.Patch appeared. mbam blocked the execution of the trojan and I checked quanantine on the mbam dialog box. The AVG runs every night, the Spysweeper runs every afternoon, the mbam runs in the morning, and the superantispysweeper runs in the afternoon. None of them indicated a problem or when run specifically found the trojan. I ran the AVG rootkit check and it returned with all clear.

I downloaded the latest update to java. The update to Adobe Reader was already done. I downloaded and ran JavaRa and then ran OTL.

I welcome your help.
Blaine
I tried to cut and paste the log files but got a post too long error message.
I tried to upload the two files and got a not the right type of file error message.
What now?
Blaine

blainegray
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2010-07-11
Gender : Male
OS : Windows XP SP3

View user profile

Back to top Go down

Re: Remove cdrom.sys Trojan.Patched

Post by Sneakyone on Mon Jul 12, 2010 1:47 am

Hi, Welcome to GeekPolice.net! Smile

Please split them into multiple posts. Right On!


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Status :
Online
Offline

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

View user profile

Back to top Go down

cdrom.sys trojan -2

Post by blainegray on Mon Jul 12, 2010 2:27 am

OTL logfile created on: 7/11/2010 8:47:48 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\My Download Files\GeekPolice
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 3837 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.20 Gb Total Space | 111.55 Gb Free Space | 76.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC4700
Current User Name: blainegray
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/11 20:43:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\My Download Files\GeekPolice\OTL.exe
PRC - [2010/07/11 10:41:20 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\SYSTEM32\TUProgSt.exe
PRC - [2010/07/03 14:35:29 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/06/22 08:49:50 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/22 08:49:46 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 08:49:45 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/22 08:49:43 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 08:49:37 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/22 08:49:37 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/06/22 08:49:34 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/22 08:49:32 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/22 08:49:30 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/22 08:49:29 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/06/16 17:20:50 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/01/20 21:12:24 | 000,028,672 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2010/01/02 11:45:06 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/11/06 16:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 13:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/10/15 12:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\TscHelp.exe
PRC - [2009/10/15 12:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
PRC - [2009/10/15 12:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\SnagitEditor.exe
PRC - [2009/10/15 12:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 9\Snagit32.exe
PRC - [2009/07/15 12:00:32 | 000,098,304 | ---- | M] (StorageCraft Technology Corporation) -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/26 13:18:20 | 000,090,112 | ---- | M] () -- C:\Program Files\DT Utilities\DT Utilities PC Backup Pro\DR\FsLoader.exe
PRC - [2009/05/26 13:18:02 | 000,176,128 | ---- | M] () -- C:\Program Files\DT Utilities\DT Utilities PC Backup Pro\DR\CBP\DCSchdler.exe
PRC - [2008/12/09 17:20:30 | 001,127,704 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/10 03:05:54 | 000,080,368 | ---- | M] () -- C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
PRC - [2008/08/01 11:59:26 | 000,125,424 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\snmp.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/09/08 15:58:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/07/18 09:19:05 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/03/22 12:38:52 | 000,028,672 | ---- | M] (Xerox Corporation) -- c:\Program Files\XEROX\UAT 3.0\Server\Xerox.UAT.Scheduler.exe
PRC - [2007/03/22 12:38:36 | 000,040,960 | ---- | M] (Xerox Corporation) -- c:\Program Files\XEROX\UAT 3.0\Server\Xerox.UAT.RemotingService.exe
PRC - [2007/02/25 16:32:16 | 000,350,672 | ---- | M] (Assistance & Resources for Computing, Inc.) -- C:\Program Files\PurgeIE\PurgPro_Service.exe
PRC - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005/11/18 14:12:10 | 000,049,152 | ---- | M] ( U.S. Robotics Corporation) -- C:\WINDOWS\SYSTEM32\3cshtdwn.exe
PRC - [2005/11/18 14:12:04 | 000,073,728 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\SYSTEM32\3cmlink.exe
PRC - [2005/09/01 10:43:58 | 000,118,784 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\SYSTEM32\kmw_run.exe
PRC - [2005/09/01 10:43:36 | 000,188,416 | ---- | M] () -- C:\WINDOWS\SYSTEM32\kmw_show.exe


========== Modules (SafeList) ==========

MOD - [2010/07/11 20:43:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\My Download Files\GeekPolice\OTL.exe
MOD - [2008/04/13 20:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ntvdm.exe
MOD - [2008/04/13 20:12:10 | 000,264,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wow32.dll
MOD - [2008/04/13 20:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp60.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2005/09/01 10:43:50 | 000,122,880 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\SYSTEM32\kmw_dll.dll
MOD - [2004/08/04 07:00:00 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\TSAPPCMP.DLL

========== Win32 Services (SafeList) ==========

SRV - [2010/07/11 10:41:20 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\SYSTEM32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/07/11 10:41:16 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/06/22 08:49:43 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 08:49:37 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/06/22 08:49:34 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/20 21:23:24 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2010/01/02 11:45:06 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/11/06 13:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/07/15 12:00:32 | 000,098,304 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe -- (StorageCraft Image Manager)
SRV - [2009/07/15 11:48:20 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\SYSTEM32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/06/23 15:28:48 | 000,257,088 | ---- | M] (DT Utilities, by Data Transfer LLC) [Auto | Stopped] -- C:\Program Files\DT Utilities\DT Utilities PC Backup Pro\mgService.exe -- (mgService)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/05/26 13:18:20 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\DT Utilities\DT Utilities PC Backup Pro\DR\Fsloader.exe -- (Real time Backup Loader)
SRV - [2009/05/26 13:18:04 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\DT Utilities\DT Utilities PC Backup Pro\DR\CBP\DCSchdlerSRVC.exe -- (Backup Scheduler)
SRV - [2008/12/09 17:20:30 | 001,127,704 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/14 00:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/14 00:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/14 00:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)
SRV - [2008/08/14 00:23:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/08/01 11:59:26 | 000,125,424 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\snmp.exe -- (SNMP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (IISADMIN)
SRV - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/09/08 15:58:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/22 12:38:52 | 000,028,672 | ---- | M] (Xerox Corporation) [Auto | Running] -- c:\Program Files\XEROX\UAT 3.0\Server\Xerox.UAT.Scheduler.exe -- (Usage Analysis Tool Scheduler Service)
SRV - [2007/03/22 12:38:36 | 000,040,960 | ---- | M] (Xerox Corporation) [Auto | Running] -- c:\Program Files\XEROX\UAT 3.0\Server\Xerox.UAT.RemotingService.exe -- (Usage Analysis Tool Remoting Service)
SRV - [2007/02/25 16:32:16 | 000,350,672 | ---- | M] (Assistance & Resources for Computing, Inc.) [Auto | Running] -- C:\Program Files\PurgeIE\PurgPro_Service.exe -- (PurgProService)
SRV - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ACT7) SQL Server (ACT7)
SRV - [2002/12/17 21:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)
SRV - [2002/12/17 21:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$ACT7)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\DVDRC.sys -- (DVDRC)
DRV - [2010/06/22 08:49:48 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 08:49:39 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/06/22 08:49:39 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/06/22 08:49:39 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/06/22 08:49:38 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/06/22 08:49:32 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/01 10:00:17 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SABKUTIL)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2010/03/29 08:40:40 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/06 13:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 13:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 13:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/11/02 11:34:14 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgfwdx.sys -- (Avgfwfd)
DRV - [2009/11/02 11:34:14 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/10/19 10:00:22 | 000,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pssdk41.sys -- (PsSdk41)
DRV - [2009/05/26 13:18:14 | 000,155,648 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\DCDisk.sys -- (DCDisk)
DRV - [2009/05/26 13:18:14 | 000,077,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dcsnap.sys -- (dcsnap)
DRV - [2008/08/21 00:52:41 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/11 10:53:22 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RxFilter.sys -- (RxFilter)
DRV - [2008/08/01 01:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SaibVd32.sys -- (SaibVd32)
DRV - [2008/08/01 01:00:00 | 000,020,464 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2008/08/01 01:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2008/05/01 15:25:52 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftser2k.sys -- (FTSER2K)
DRV - [2008/05/01 15:25:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ftdibus.sys -- (FTDIBUS)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hidbatt.sys -- (HidBatt)
DRV - [2008/03/12 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/03/12 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2007/06/15 03:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2005/11/18 14:02:00 | 000,329,056 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\3c1807pd.sys -- (3c1807pd)
DRV - [2005/10/22 08:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/22 08:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/22 08:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/22 08:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/01 10:41:56 | 000,092,032 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMW_SYS.sys -- (KMW_SYS)
DRV - [2005/09/01 10:41:36 | 000,005,760 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMW_KBD.sys -- (KMW_KBD)
DRV - [2005/09/01 10:41:34 | 000,010,496 | ---- | M] (Kensington Technology Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\KMW_USB.sys -- (KMW_USB)
DRV - [2005/08/10 11:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2005/03/08 21:05:30 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/08 20:54:48 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/01/27 03:22:00 | 000,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2005/01/10 11:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 11:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/12/22 12:58:14 | 000,008,704 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pfmodnt.sys -- (PfModNT)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2003/11/17 17:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 17:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 17:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 14:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRpdA.sys -- (USRpdA)
DRV - [1999/09/24 02:13:04 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\BCM Diagnostics Pro\MAPMEM.SYS -- (MAPMEM)
DRV - [1999/09/24 02:13:04 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\BCM Diagnostics Pro\BCMNTIO.SYS -- (BCMNTIO)
DRV - [1999/09/16 03:31:04 | 000,006,304 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Program Files\BCM Diagnostics Pro\sysmon\HSMPORT.SYS -- (HSMPORT)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/07 15:48:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/11 20:29:01 | 000,000,000 | ---D | M]

[2009/12/07 15:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blainegray\Application Data\Mozilla\Extensions
[2009/12/07 17:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\blainegray\Application Data\Mozilla\Firefox\Profiles\v0u7wkd8.default\extensions
[2009/12/07 15:48:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\blainegray\Application Data\Mozilla\Firefox\Profiles\v0u7wkd8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/07 17:12:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\blainegray\Application Data\Mozilla\Firefox\Profiles\v0u7wkd8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/11 20:29:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 20:29:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/03/01 21:03:26 | 001,312,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/06/19 14:12:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [3c1807pd] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [kmw_run.exe] C:\WINDOWS\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files\TechSmith\SnagIt 9\Snagit32.exe (TechSmith Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: rumormillnews.com ([www] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} [You must be registered and logged in to see this link.] (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} [You must be registered and logged in to see this link.] (MUCatalogWebControl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} [You must be registered and logged in to see this link.] (ParallelGraphics Cortona Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} [You must be registered and logged in to see this link.] (Crucial cpcScan)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} [You must be registered and logged in to see this link.] (ClientPlugin Object)
O16 - DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} [You must be registered and logged in to see this link.] (SABMachineInfo Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DE833CC3-52E7-4C9A-BDC4-8EC24B422A2B} [You must be registered and logged in to see this link.] (Superscape VisLite)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\blainegray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\blainegray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Security Packages - (IO SHARED\11.0\DLLSHARED) - File not found
O30 - LSA: Security Packages - (y Pack) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{74671aab-cc53-11d9-a5e5-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{74671aab-cc53-11d9-a5e5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{74671aab-cc53-11d9-a5e5-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{e8076649-24e6-11df-b40e-0013200e9567}\Shell - "" = AutoRun
O33 - MountPoints2\{e8076649-24e6-11df-b40e-0013200e9567}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\SYSTEM32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6EF9EC14-7A18-B3A7-EF3A-77D216696F0C} - DirectAnimation
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DD43490B-5E12-B6B2-50E5-D45ABED8921F} - Viewpoint Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

blainegray
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2010-07-11
Gender : Male
OS : Windows XP SP3

View user profile

Back to top Go down

cdrom.sys trojan - 3

Post by blainegray on Mon Jul 12, 2010 2:32 am

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/11 20:29:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/11 20:29:01 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/11 20:29:01 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/11 20:29:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/11 20:29:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/11 13:09:42 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/07/11 13:08:12 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/07/11 13:08:07 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2010/07/11 13:07:32 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2010/07/11 13:06:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2010/07/11 13:04:53 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/07/11 13:04:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010/07/11 13:04:04 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/07/11 13:04:02 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2010/07/11 13:01:56 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2010/07/11 13:01:06 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010/07/11 12:59:24 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/07/11 12:57:50 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2010/07/11 12:57:05 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2010/07/11 12:57:03 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2010/07/11 12:56:31 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/07/11 12:49:42 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2010/07/11 12:49:08 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2010/07/11 12:47:48 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/07/11 12:47:46 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/07/11 12:47:07 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010/07/11 12:45:57 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2010/07/11 12:45:37 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2010/07/11 12:45:10 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2010/07/11 12:45:04 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2010/07/11 12:44:09 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2010/07/11 12:44:08 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2010/07/11 12:44:07 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2010/07/11 12:44:06 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2010/07/11 12:42:01 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2010/07/11 12:41:13 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2010/07/11 12:40:21 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/07/11 12:40:16 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/07/11 12:38:55 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/07/11 12:38:53 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2010/07/11 12:38:24 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2010/07/11 12:37:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010/07/11 12:37:31 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010/07/11 12:36:54 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2010/07/11 12:35:56 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2010/07/11 12:35:11 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/07/11 12:35:01 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/07/11 12:35:00 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/07/11 12:34:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/07/11 12:34:47 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2010/07/11 12:34:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2010/07/11 12:33:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010/07/11 12:33:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010/07/11 12:33:03 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2010/07/11 12:33:02 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2010/07/11 12:32:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/07/11 12:31:00 | 000,702,845 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2010/07/11 12:28:36 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/07/11 12:28:23 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2010/07/11 12:28:21 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2010/07/11 12:24:37 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/07/11 12:24:14 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2010/07/11 12:24:00 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2010/07/11 12:22:06 | 000,249,856 | ---- | C] (ComtrolŪ Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/07/11 12:21:22 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2010/07/11 12:20:56 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/07/11 12:20:14 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/07/11 12:20:03 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2010/07/11 12:18:25 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/07/11 12:18:24 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/07/11 12:18:06 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/07/11 12:18:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010/07/11 12:16:35 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/07/11 12:16:35 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/07/11 12:16:31 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2010/06/24 07:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Project Clock Pro
[2010/06/24 07:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blainegray\Application Data\CyberMatrix
[2010/06/22 08:49:46 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/19 17:29:20 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/19 14:36:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/19 14:33:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/06/19 13:47:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/19 13:45:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/19 13:45:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/19 13:45:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/19 13:45:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/19 13:44:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/19 13:43:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/19 13:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\blainegray\Application Data\AVG9
[2010/06/12 12:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\DT Utilities
[2010/06/11 21:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\KamzyProcessWatcher
[2004/08/25 16:22:08 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 02:00:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/11 21:00:06 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/07/11 20:42:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\blainegray\Local Settings\Application Data\prvlcl.dat
[2010/07/11 20:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/11 20:17:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/07/11 19:15:20 | 061,903,785 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/11 17:36:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/11 17:30:33 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/07/11 17:08:38 | 000,014,848 | -H-- | M] () -- C:\logicinf.bin
[2010/07/11 17:08:37 | 000,001,024 | -H-- | M] () -- C:\diskfile1
[2010/07/11 17:07:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/11 17:07:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/11 17:07:54 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/07/11 17:07:52 | 2682,408,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/11 16:40:09 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\blainegray\Desktop\oty3zji9.exe
[2010/07/11 15:30:38 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\blainegray\ntuser.dat
[2010/07/11 15:00:06 | 000,001,650 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LF3EA03D510E143A3BC478725BBF66440.job
[2010/07/11 14:55:32 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2C17EBE8-23AB-43FE-9E32-6033DE9602BD}.job
[2010/07/11 13:12:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\blainegray\NTUSER.INI
[2010/07/11 10:41:20 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010/07/11 10:41:16 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/07/11 02:00:17 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\b4a_PC4700 Daily.job
[2010/07/09 23:16:17 | 000,601,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/07/07 21:54:36 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/07/06 20:43:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/04 11:08:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/23 21:49:04 | 000,906,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 21:49:04 | 000,726,258 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/06/23 21:49:04 | 000,181,990 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/06/22 08:49:48 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/22 08:49:46 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/06/22 08:49:39 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/06/22 08:49:32 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/19 21:00:13 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\blainegray\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/06/19 20:38:25 | 000,399,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/19 20:33:25 | 000,000,976 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/06/19 20:30:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/19 14:13:04 | 000,000,254 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/19 14:12:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/06/19 14:03:53 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/06/19 13:48:01 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/06/11 21:28:54 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\blainegray\Application Data\Microsoft\Internet Explorer\Quick Launch\KamzyProcessWatcher.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/11 16:40:06 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\blainegray\Desktop\oty3zji9.exe
[2010/07/11 13:09:34 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/07/11 12:45:31 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/07/11 12:45:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/07/11 12:37:57 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/06/29 18:00:55 | 000,001,650 | ---- | C] () -- C:\WINDOWS\tasks\wrSpySweeper_LF3EA03D510E143A3BC478725BBF66440.job
[2010/06/27 07:22:57 | 000,234,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/19 13:48:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/19 13:47:58 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/19 13:45:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/19 13:45:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/19 13:45:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/19 13:45:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/19 13:45:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/19 12:14:14 | 2682,408,960 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/12 12:26:19 | 000,001,024 | -H-- | C] () -- C:\diskfile1
[2010/06/12 12:26:18 | 000,014,848 | -H-- | C] () -- C:\logicinf.bin
[2010/06/11 21:28:54 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\blainegray\Application Data\Microsoft\Internet Explorer\Quick Launch\KamzyProcessWatcher.lnk
[2009/11/12 16:18:18 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/09/18 20:46:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\DCDisk.sys
[2009/09/18 20:46:22 | 000,077,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/17 21:38:12 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/17 21:38:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/08/03 11:19:38 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info2.ini
[2008/08/03 11:19:36 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info1.ini
[2008/07/21 14:44:57 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/07/21 14:44:55 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/07/21 14:42:22 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/07/21 14:42:20 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/07/21 14:42:15 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/12/08 15:21:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/11/06 21:13:57 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\B1885A7868.sys
[2006/10/02 10:43:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/07/23 07:36:07 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sbewin32.INI
[2005/12/02 18:42:50 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\68785A88B1.sys
[2005/10/12 09:14:36 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/10/12 09:14:36 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/12 22:29:04 | 000,000,239 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI
[2005/07/04 20:37:15 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2005/07/04 20:37:15 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2005/07/04 20:36:17 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2005/07/04 20:36:15 | 000,009,391 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2005/06/25 21:17:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2005/04/01 00:16:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/01 00:14:44 | 000,000,851 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/01 00:01:14 | 000,000,592 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/31 23:58:46 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/03/31 23:58:37 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/03/31 23:58:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/03/31 23:58:31 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/03/31 23:32:38 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/11 19:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/09/17 13:00:56 | 000,266,327 | ---- | C] () -- C:\WINDOWS\System32\ADErrorHandling.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/03/22 04:24:22 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\psctsnmp.dll
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1980/01/01 02:00:00 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[1980/01/01 02:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/08/20 22:19:26 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\ATIDEMGX.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/02/24 16:31:09 | 000,000,104 | ---- | M] () -- C:\WINDOWS\SYSTEM32\68785A88B1.sys
[2004/08/04 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ANSI.SYS
[2006/11/06 21:46:54 | 000,000,088 | ---- | M] () -- C:\WINDOWS\SYSTEM32\B1885A7868.sys
[2003/12/19 02:00:00 | 000,013,387 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CinemSup.sys
[2004/08/04 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\SYSTEM32\COUNTRY.SYS
[2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DDMI2.sys
[2004/06/09 14:31:10 | 000,006,144 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DLPT.sys
[2004/06/17 11:56:42 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\GPCIEnu.sys
[2004/08/04 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\SYSTEM32\HIMEM.SYS
[2004/08/04 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\SYSTEM32\KEY01.SYS
[2004/08/04 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\SYSTEM32\KEYBOARD.SYS
[2004/08/04 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS.SYS
[2004/08/04 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS404.SYS
[2004/08/04 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS411.SYS
[2004/08/04 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS412.SYS
[2004/08/04 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTDOS804.SYS
[2004/08/04 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO.SYS
[2004/08/04 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO404.SYS
[2004/08/04 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO411.SYS
[2004/08/04 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO412.SYS
[2004/08/04 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\SYSTEM32\NTIO804.SYS
[2008/07/09 09:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\SYSTEM32\vsdatant(2).sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\watchdog.sys
[2010/05/02 01:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\win32k.sys
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\adv11nt5.dll
[2008/08/20 21:17:17 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2erec.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2008/06/18 14:31:04 | 000,000,944 | ---- | M] () -- C:\ActABLog2.txt
[2008/06/18 15:36:53 | 000,228,924 | ---- | M] () -- C:\ActExtLog.txt
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/29 11:55:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/19 13:48:01 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2004/09/14 17:12:04 | 000,094,208 | ---- | M] (ComponentOne LLC) -- C:\C1.C1Zip.dll
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/19 14:22:16 | 000,029,074 | ---- | M] () -- C:\ComboFix.txt
[2005/06/26 12:19:56 | 000,000,073 | ---- | M] () -- C:\config.001
[2005/06/26 15:20:12 | 000,000,073 | ---- | M] () -- C:\config.002
[2005/06/26 15:20:12 | 000,000,073 | ---- | M] () -- C:\CONFIG.SYS
[2009/02/18 16:47:00 | 000,432,454 | ---- | M] () -- C:\coreuninstall.log
[2006/09/25 09:28:06 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2005/03/31 23:37:18 | 000,005,591 | RH-- | M] () -- C:\DELL.SDR
[2005/07/10 20:06:09 | 000,000,762 | ---- | M] () -- C:\devicetable.log
[2010/07/11 17:08:37 | 000,001,024 | -H-- | M] () -- C:\diskfile1
[2009/07/18 20:22:42 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
[2002/03/03 15:47:02 | 000,004,096 | -H-- | M] () -- C:\ffastun.ffo
[2010/07/11 17:07:52 | 2682,408,960 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/11 19:27:32 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/02/18 16:55:22 | 000,000,164 | ---- | M] () -- C:\install.dat
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/07/11 20:45:19 | 000,006,778 | ---- | M] () -- C:\JavaRa.log
[2010/07/11 17:08:38 | 000,014,848 | -H-- | M] () -- C:\logicinf.bin
[2008/08/14 16:35:48 | 000,001,024 | ---- | M] () -- C:\mmjb.DDF
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/03 09:42:36 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/07/11 17:07:51 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2007/06/14 12:00:27 | 000,002,236 | ---- | M] () -- C:\rollback.ini
[2007/06/17 17:00:05 | 000,000,512 | ---- | M] () -- C:\ScanSectorLog.dat
[2009/09/18 20:46:26 | 000,000,000 | RH-- | M] () -- C:\tasks.ini
[2009/07/18 20:22:53 | 000,001,939 | ---- | M] () -- C:\temp.png
[2009/08/18 16:43:54 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX

< %PROGRAMFILES%\*. >
[2009/10/24 15:21:18 | 000,000,000 | ---D | M] -- C:\Program Files\2BrightSparks
[2005/10/26 11:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\3Com
[2007/12/17 18:14:39 | 000,000,000 | ---D | M] -- C:\Program Files\ACT
[2008/12/18 16:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/08/16 09:13:33 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2005/06/25 16:48:36 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Multimedia
[2008/10/14 15:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2006/07/30 12:45:02 | 000,000,000 | ---D | M] -- C:\Program Files\Avery Dennison
[2009/11/02 11:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/05/28 22:04:36 | 000,000,000 | ---D | M] -- C:\Program Files\BCM Diagnostics Pro
[2009/11/12 16:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2009/03/17 20:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2005/07/29 21:17:29 | 000,000,000 | ---D | M] -- C:\Program Files\CheckScreen
[2009/06/19 10:43:34 | 000,000,000 | ---D | M] -- C:\Program Files\Classic PhoneTools
[2010/06/19 14:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/03/31 23:31:02 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/12/17 17:04:38 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2005/06/25 16:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/09/04 18:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2005/06/26 19:35:35 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2005/07/10 15:00:20 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support
[2005/06/25 19:53:40 | 000,000,000 | ---D | M] -- C:\Program Files\DesignPro
[2007/12/23 17:43:44 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2007/12/12 10:59:18 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2009/02/28 14:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Dirprint
[2006/11/02 17:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\DirPrn
[2007/12/04 17:09:33 | 000,000,000 | ---D | M] -- C:\Program Files\DiskCheckup
[2009/05/04 14:51:31 | 000,000,000 | ---D | M] -- C:\Program Files\Diskeeper Corporation
[2007/12/04 10:18:11 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/11/19 12:44:54 | 000,000,000 | ---D | M] -- C:\Program Files\DPlotJr
[2010/06/12 12:23:31 | 000,000,000 | ---D | M] -- C:\Program Files\DT Utilities
[2010/07/07 21:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\DYMO Label
[2005/10/24 16:28:52 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2005/06/25 16:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\EssNetTools3
[2009/05/04 14:42:53 | 000,000,000 | ---D | M] -- C:\Program Files\Executive Software
[2005/08/04 10:44:39 | 000,000,000 | ---D | M] -- C:\Program Files\Exponenciel
[2008/08/03 11:19:12 | 000,000,000 | ---D | M] -- C:\Program Files\GFI
[2010/05/10 10:35:31 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/12/11 16:21:21 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2010/02/05 10:25:03 | 000,000,000 | ---D | M] -- C:\Program Files\Hellmansoft
[2005/06/25 16:50:25 | 000,000,000 | ---D | M] -- C:\Program Files\Imaging for Internet
[2010/06/12 11:32:00 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2005/03/31 23:57:13 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/09/19 14:59:04 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/06/19 20:24:40 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/06/25 16:50:26 | 000,000,000 | ---D | M] -- C:\Program Files\Iomega
[2005/04/01 00:10:22 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/07/11 20:45:14 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/06/11 21:28:53 | 000,000,000 | ---D | M] -- C:\Program Files\KamzyProcessWatcher
[2005/06/26 15:47:23 | 000,000,000 | ---D | M] -- C:\Program Files\Kensington
[2006/02/17 17:32:10 | 000,000,000 | ---D | M] -- C:\Program Files\LiveUpdate
[2010/07/11 13:23:36 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/03 09:57:32 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2005/04/01 00:00:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2005/03/31 23:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/03/08 17:21:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2005/04/01 00:08:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2005/04/01 00:08:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2010/04/07 13:42:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2005/04/01 00:00:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2005/04/01 00:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2008/10/06 20:46:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/11/06 21:06:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2005/03/31 23:57:30 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2010/03/11 18:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/12/07 17:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/12/07 17:15:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/08 17:21:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/03/31 23:30:58 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/03/31 23:31:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/10/14 14:14:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/03/22 09:23:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/10/15 09:33:50 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2007/06/03 17:57:33 | 000,000,000 | ---D | M] -- C:\Program Files\NASA
[2008/10/03 09:46:38 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/03/31 23:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2008/08/03 14:14:55 | 000,000,000 | ---D | M] -- C:\Program Files\NetworkView3
[2008/09/19 14:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\NetworkView36
[2010/03/28 15:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\NexusFile
[2005/06/25 16:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate
[2005/06/25 16:52:16 | 000,000,000 | ---D | M] -- C:\Program Files\ONAN
[2005/06/25 16:52:17 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/14 06:35:37 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/04/09 16:10:17 | 000,000,000 | ---D | M] -- C:\Program Files\Palm
[2006/02/26 12:31:40 | 000,000,000 | ---D | M] -- C:\Program Files\PC Magazine Utilities
[2009/10/20 16:27:52 | 000,000,000 | ---D | M] -- C:\Program Files\PerformanceTest
[2005/06/25 16:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\PestPatrol
[2005/06/25 16:52:26 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoDeluxe 2.0
[2009/10/20 16:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\Plextor
[2005/06/25 16:52:28 | 000,000,000 | ---D | M] -- C:\Program Files\Plus!
[2010/06/24 21:17:34 | 000,000,000 | ---D | M] -- C:\Program Files\Project Clock Pro
[2005/06/25 16:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\pup5
[2008/08/13 20:32:43 | 000,000,000 | ---D | M] -- C:\Program Files\PurgeIE
[2009/10/03 16:54:21 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/06/25 16:53:28 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/12/07 17:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/12/07 22:20:54 | 000,000,000 | ---D | M] -- C:\Program Files\RegHealer
[2009/09/19 14:58:59 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/09/19 14:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio Creator 2009 Ultimate
[2009/09/19 14:45:54 | 000,000,000 | ---D | M] -- C:\Program Files\SmartSound Software
[2010/05/31 10:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\Softland
[2009/11/02 20:15:00 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2005/07/29 15:05:23 | 000,000,000 | ---D | M] -- C:\Program Files\Startup Control Panel
[2009/08/28 10:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\stg
[2006/07/22 21:45:17 | 000,000,000 | ---D | M] -- C:\Program Files\Stonefield Query for ACT! 2005-2006
[2009/08/12 13:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\StorageCraft
[2010/07/03 14:35:29 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2007/04/10 09:16:31 | 000,000,000 | ---D | M] -- C:\Program Files\Superscape
[2005/06/25 16:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2005/06/25 16:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\Syslogd
[2008/06/16 15:03:49 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2009/09/04 17:25:19 | 000,000,000 | ---D | M] -- C:\Program Files\Temp
[2009/11/12 09:45:23 | 000,000,000 | ---D | M] -- C:\Program Files\TempCleaner
[2009/12/06 08:17:51 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2009
[2005/06/25 16:54:23 | 000,000,000 | ---D | M] -- C:\Program Files\TV Viewer
[2005/06/25 16:54:24 | 000,000,000 | ---D | M] -- C:\Program Files\Typograf
[2007/12/23 17:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\U.S. Robotics
[2005/04/01 00:01:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2005/06/25 16:54:24 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/09/05 21:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2009/02/18 16:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2006/11/06 15:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2006/12/25 18:11:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/10/03 09:46:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/10/03 09:46:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/09/19 14:51:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2005/03/31 23:31:04 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/01/07 17:15:51 | 000,000,000 | ---D | M] -- C:\Program Files\WinGlucofacts Professional 3.04
[2005/07/28 09:48:42 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2009/08/04 11:15:22 | 000,000,000 | ---D | M] -- C:\Program Files\WZGrapher
[2005/10/04 16:17:17 | 000,000,000 | ---D | M] -- C:\Program Files\XEROX
[2009/03/17 21:38:12 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2009/03/24 20:59:00 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2008/11/08 13:08:22 | 000,000,000 | ---D | M] -- C:\Program Files\YouSendIt
[2009/10/20 16:47:34 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs


< %appdata%\*.* >
[2010/04/07 13:42:49 | 021,046,160 | ---- | M] (Sage Software ) -- C:\Documents and Settings\blainegray\Application Data\ACT1200HotFix_SS.exe
[2006/11/06 11:57:54 | 000,001,453 | ---- | M] () -- C:\Documents and Settings\blainegray\Application Data\act2006beforeupgrade11062006_ActObjectCreationResults.txt
[2006/12/26 10:51:45 | 000,000,066 | -H-- | M] () -- C:\Documents and Settings\blainegray\Application Data\ActUpdate.log
[2006/03/10 22:06:46 | 000,001,453 | ---- | M] () -- C:\Documents and Settings\blainegray\Application Data\backup03102006_ActObjectCreationResults.txt
[2004/08/11 19:07:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\blainegray\Application Data\DESKTOP.INI
[2008/03/23 10:50:09 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\blainegray\Application Data\DMX.bmk
[2010/04/07 14:06:01 | 000,030,575 | ---- | M] () -- C:\Documents and Settings\blainegray\Application Data\NGEN_AppLog_Install.txt
[2010/04/07 13:56:01 | 000,009,176 | ---- | M] () -- C:\Documents and Settings\blainegray\Application Data\NGEN_AppLog_Uninstall.txt


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/10/03 09:28:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/10/03 09:28:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DLLCACHE\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS

< MD5 for: AHCIX86.SYS >
[2008/03/07 21:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-9_xp32_dd_ccc_wdm_enu_68898\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/10/03 09:28:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/10/03 09:28:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:disk.sys
[2008/10/03 09:28:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:disk.sys
[2008/10/03 09:28:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\I386\DISK.SYS
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\DLLCACHE\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\DLLCACHE\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\DLLCACHE\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\DLLCACHE\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:usbstor.sys
[2008/10/03 09:28:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:usbstor.sys
[2008/10/03 09:28:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SYSTEM32\DLLCACHE\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-24 01:50:44

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\blainegray\My Documents\PassMark:Roxio EMC Stream
@Alternate Data Stream - 359 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D6E9A34
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21654C57
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEC0D766
< End of report >

blainegray
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2010-07-11
Gender : Male
OS : Windows XP SP3

View user profile

Back to top Go down

cdrom.sys trojan - 4

Post by blainegray on Mon Jul 12, 2010 2:34 am

OTL Extras logfile created on: 7/11/2010 8:47:48 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\My Download Files\GeekPolice
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 3837 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.20 Gb Total Space | 111.55 Gb Free Space | 76.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC4700
Current User Name: blainegray
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ACT\ACT for Windows\Act8.exe" = C:\Program Files\ACT\ACT for Windows\Act8.exe:*:Enabled:ACT! 8.x/2006 -- (Sage Software SB, Inc)
"C:\Program Files\ACT\Act for Windows\ActSage.exe" = C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! 9.x/2007 -- (Sage Software, Inc.)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Softland\Backup4all Professional 4\Backup4all.exe" = C:\Program Files\Softland\Backup4all Professional 4\Backup4all.exe:*:Enabled:Backup4all Professional 4 -- (Softland)
"C:\Program Files\Softland\Backup4all Professional 4\b4aCmd.exe" = C:\Program Files\Softland\Backup4all Professional 4\b4aCmd.exe:*:Enabled:Backup4all Professional 4 command line -- (Softland)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{084DE53F-1398-4629-BFCE-3D7F4A42D190}" = Xerox Usage Analysis Tool 3.3
"{09EA3E66-F60C-45EF-9C16-6CA2262E21C4}" = Roxio Creator 2009 Ultimate
"{0A7FBF0B-F96C-B34F-7627-0F93C9A8FABD}" = Skins
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
"{1F72F606-ABE8-4FD3-A792-858B2CC35A3C}" = Diskeeper 2008 Professional
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{20DFF861-31EE-41F6-98D5-0A992AE7D116}" = YouSendIt Plug-in for Outlook
"{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = EMC 11 Content
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Central
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{37039F32-5D27-409B-8FD4-5B51EEF31DBE}" = USRobotics Instant Update
"{396AE30A-AC77-4F41-9511-9190AFADA85D}" = Backup4all Professional 4
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C78937F-0C8E-11D9-A3EB-0001025FA304}" = Kensington MouseWorks
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{554E0167-0B53-B866-9512-44B766FABAAF}" = ccc-utility
"{55574205-0833-A7A2-FD0D-D1520E5469DD}" = CCC Help English
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A4C13C8-39F5-305C-44DE-CD26E1DE0DD6}" = Catalyst Control Center Graphics Full New
"{6BDB3C23-89B6-11D3-9B58-004005368CFC}" = Xerox CentreWare MC
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Creator 2009 Ultimate
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82E760D8-F344-3DE4-134D-2D782E31AACF}" = Catalyst Control Center Core Implementation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91A1E62C-FC2F-482F-B1A0-DC2E461A78F8}" = PlexTools Professional XL V3.16
"{91BFB889-7BDE-E3BB-A622-068DB5202B0F}" = Catalyst Control Center Graphics Previews Common
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{9D622363-9235-E8F0-380C-D9114D77FB52}" = ccc-core-static
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA749D64-3741-4D5F-B804-B0BC05D179D1}" = Roxio CinePlayer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6164988-AA55-4099-BB9C-EC058210DAD6}" = ImageManager
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAAB98AF-E4B6-4A2F-A3D7-296BADB7FE2E}" = Microsoft SQL Server 2005 Express Edition
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
"{C225B58A-611C-4E2B-A998-EDC35187BF0F}" = PC Backup Pro
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C9DD3547-2B8B-B451-F479-30F8B05ED6D6}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D053EC1F-0649-4347-AB18-2740D1086E9E}" = Planbook
"{D658D98A-6D93-49BE-8640-63F4CB697600}" = 3Com Network Supervisor
"{D6E00160-F372-F959-A54C-ABDE5E03B170}" = ccc-core-preinstall
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E5D3E730-1EF6-7876-358A-41C0E61475F5}" = Catalyst Control Center Graphics Light
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED0FB0C1-CD06-4C29-B903-8A91D4BF5B61}_is1" = NexusFile V (5.1.3.3652)
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F80034B6-921B-4B96-A028-D932C7EDD6A1}" = WinGlucofacts Professional 3.04
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.2.3 Professional
"Adobe Acrobat 8 Professional_823" = Adobe Acrobat 8.2.3 - CPSID_83708
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"BCM Diagnostics Pro" = BCM Diagnostics Pro
"Belarc Advisor" = Belarc Advisor 8.1
"C3199E8208FB1818A1C0618F0F1ACF434D6958BA" = Windows Driver Package - U.S. Robotics Corporation (3c1807pd) Modem (11/18/2005 5.00.000.198)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (630)
"Directory Printer_is1" = Directory Printer 3.72
"DPlot Jr_is1" = DPlot Jr Graph Software version 2.2.7.5
"DYMO Label Software" = DYMO Label Software
"EPSON Scanner" = EPSON Scan
"FavOrg" = FavOrg
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{20DFF861-31EE-41F6-98D5-0A992AE7D116}" = YouSendIt Plug-in for Outlook
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"InstallShield_{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"KamzyProcessWatcher_is1" = KamzyProcessWatcher
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Monitors Matter CheckScreen 1.2" = Monitors Matter CheckScreen 1.2
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NetworkView_is1" = NetworkView Version 3.60
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Backup Pro" = PC Backup Pro
"PerformanceTest 7_is1" = PerformanceTest v7.0
"Project Clock Pro_is1" = Project Clock Pro 9.11
"PROSet" = Intel(R) PRO Network Connections Drivers
"PurgeIE Pro_is1" = PurgeIE Pro - 4.01
"RegHealer_is2" = Registry Healer 4.5.0 uninstall
"Revo Uninstaller" = Revo Uninstaller 1.89
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"STG FolderPrint Plus_is1" = STG FolderPrint Plus 3.73
"VisLite" = Superscape VisLite
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/11/2010 3:45:47 PM | Computer Name = PC4700 | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 7/11/2010 3:45:51 PM | Computer Name = PC4700 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IWAM_PC4700 is disabled. Some
IIS functions can fail for this reason. For additional information specific to this
message please visit the Microsoft Online Support site located at: [You must be registered and logged in to see this link.]

Error - 7/11/2010 3:45:51 PM | Computer Name = PC4700 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_PC4700 is disabled. Some
IIS functions can fail for this reason. For additional information specific to this
message please visit the Microsoft Online Support site located at: [You must be registered and logged in to see this link.]

Error - 7/11/2010 3:46:00 PM | Computer Name = PC4700 | Source = MSSQL$ACT7 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 7/11/2010 3:46:00 PM | Computer Name = PC4700 | Source = MSSQL$ACT7 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

Error - 7/11/2010 5:08:36 PM | Computer Name = PC4700 | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 7/11/2010 5:08:41 PM | Computer Name = PC4700 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IWAM_PC4700 is disabled. Some
IIS functions can fail for this reason. For additional information specific to this
message please visit the Microsoft Online Support site located at: [You must be registered and logged in to see this link.]

Error - 7/11/2010 5:08:41 PM | Computer Name = PC4700 | Source = IISADMIN | ID = 102
Description = IISADMIN service found that account IUSR_PC4700 is disabled. Some
IIS functions can fail for this reason. For additional information specific to this
message please visit the Microsoft Online Support site located at: [You must be registered and logged in to see this link.]

Error - 7/11/2010 5:08:51 PM | Computer Name = PC4700 | Source = MSSQL$ACT7 | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 7/11/2010 5:08:51 PM | Computer Name = PC4700 | Source = MSSQL$ACT7 | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

[ System Events ]
Error - 7/11/2010 1:17:07 PM | Computer Name = PC4700 | Source = Service Control Manager | ID = 7023
Description = The DT Utilities PC Backup Pro Backup/Copy Engine service terminated
with the following error: %%3758227475

Error - 7/11/2010 1:17:11 PM | Computer Name = PC4700 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp sptd

Error - 7/11/2010 1:25:51 PM | Computer Name = PC4700 | Source = Service Control Manager | ID = 7023
Description = The DT Utilities PC Backup Pro Backup/Copy Engine service terminated
with the following error: %%3758227475

Error - 7/11/2010 1:25:56 PM | Computer Name = PC4700 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp sptd

Error - 7/11/2010 2:44:46 PM | Computer Name = PC4700 | Source = Service Control Manager | ID = 7023
Description = The DT Utilities PC Backup Pro Backup/Copy Engine service terminated
with the following error: %%3758227475

Error - 7/11/2010 2:44:48 PM | Computer Name = PC4700 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
cdudf_xp
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
sptd
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 7/11/2010 3:48:09 PM | Computer Name = PC4700 | Source = Service Control Manager | ID = 7023
Description = The DT Utilities PC Backup Pro Backup/Copy Engine service terminated
with the following error: %%3758227475

Error - 7/11/2010 3:48:36 PM | Computer Name = PC4700 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp sptd

Error - 7/11/2010 5:10:48 PM | Computer Name = PC4700 | Source = Service Control Manager | ID = 7023
Description = The DT Utilities PC Backup Pro Backup/Copy Engine service terminated
with the following error: %%3758227475

Error - 7/11/2010 5:11:10 PM | Computer Name = PC4700 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp sptd

[ TuneUp Events ]
Error - 7/11/2010 1:26:22 PM | Computer Name = PC4700 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-11 13:26:22', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamgui.exe','4600',0)

Error - 7/11/2010 1:29:23 PM | Computer Name = PC4700 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-11 13:29:23', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','4608',0)

Error - 7/11/2010 2:44:10 PM | Computer Name = PC4700 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-11 14:44:09', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamservice.exe','3632',0)

Error - 7/11/2010 2:52:24 PM | Computer Name = PC4700 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-11 14:52:24', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamgui.exe','4712',0)

Error - 7/11/2010 2:52:24 PM | Computer Name = PC4700 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-11 14:52:24', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','5508',0)

Error - 7/11/2010 3:46:41 PM | Computer Name = PC4700 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-11 15:46:41', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamservice.exe','3312',0)

Error - 7/11/2010 3:47:19 PM | Computer Name = PC4700 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-11 15:47:19', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamgui.exe','5716',0)

Error - 7/11/2010 4:07:09 PM | Computer Name = PC4700 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-11 16:07:09', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','4420',0)

Error - 7/11/2010 4:16:19 PM | Computer Name = PC4700 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-11 16:16:19', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbam.exe','4196',0)

Error - 7/11/2010 5:09:23 PM | Computer Name = PC4700 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-11 17:09:23', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamservice.exe','3108',0)


< End of report >

blainegray
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2010-07-11
Gender : Male
OS : Windows XP SP3

View user profile

Back to top Go down

Re: Remove cdrom.sys Trojan.Patched

Post by Sneakyone on Mon Jul 12, 2010 2:41 am

Hi, Smile

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Status :
Online
Offline

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

View user profile

Back to top Go down

Re: Remove cdrom.sys Trojan.Patched

Post by blainegray on Tue Jul 13, 2010 10:43 pm

ComboFix 10-07-12.06 - blainegray 07/13/2010 17:34:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1576 [GMT -4:00]
Running from: c:\documents and settings\blainegray\desktop\combo-fix.exe
Command switches used :: /stepdel
AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nypzlki
c:\windows\settings.reg

.
((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.

2010-07-12 00:29 . 2010-07-12 00:29 503808 ----a-w- c:\documents and settings\blainegray\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-46446b04-n\msvcp71.dll
2010-07-12 00:29 . 2010-07-12 00:29 499712 ----a-w- c:\documents and settings\blainegray\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-46446b04-n\jmc.dll
2010-07-12 00:29 . 2010-07-12 00:29 348160 ----a-w- c:\documents and settings\blainegray\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-46446b04-n\msvcr71.dll
2010-07-12 00:29 . 2010-07-12 00:29 61440 ----a-w- c:\documents and settings\blainegray\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d18fa03-n\decora-sse.dll
2010-07-12 00:29 . 2010-07-12 00:29 12800 ----a-w- c:\documents and settings\blainegray\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2d18fa03-n\decora-d3d.dll
2010-07-12 00:29 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-11 17:09 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-07-11 17:09 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-07-11 17:08 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-07-11 17:08 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-07-11 17:07 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-07-11 17:06 . 2008-04-13 18:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-07-11 17:04 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-07-11 17:04 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2010-07-11 17:04 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-11 17:04 . 2008-04-13 18:45 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2010-07-11 17:01 . 2008-04-14 00:12 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-07-11 17:01 . 2008-04-13 18:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2010-07-11 16:59 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-07-11 16:57 . 2008-04-13 18:40 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys
2010-07-11 16:57 . 2008-04-13 18:36 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys
2010-07-11 16:57 . 2008-04-13 18:36 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys
2010-07-11 16:56 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-07-11 16:49 . 2008-04-13 18:45 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2010-07-11 16:49 . 2008-04-13 18:40 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-07-11 16:47 . 2008-04-14 00:12 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll
2010-07-11 16:47 . 2008-04-14 00:12 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll
2010-07-11 16:47 . 2008-04-13 18:40 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2010-07-11 16:45 . 2008-04-13 18:40 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2010-07-11 16:45 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll
2010-07-11 16:45 . 2008-04-14 00:12 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-07-11 16:45 . 2008-04-13 18:41 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
2010-07-11 16:45 . 2008-04-13 18:40 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys
2010-07-11 16:44 . 2008-04-14 00:10 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll
2010-07-11 16:44 . 2008-04-13 18:44 28032 ----a-w- c:\windows\system32\dllcache\perm3.sys
2010-07-11 16:44 . 2008-04-14 00:10 211584 ----a-w- c:\windows\system32\dllcache\perm2dll.dll
2010-07-11 16:44 . 2008-04-13 18:44 27904 ----a-w- c:\windows\system32\dllcache\perm2.sys
2010-07-11 16:42 . 2008-04-13 18:46 61696 ----a-w- c:\windows\system32\dllcache\ohci1394.sys
2010-07-11 16:41 . 2008-04-13 18:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2010-07-11 16:40 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-07-11 16:40 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-07-11 16:38 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-07-11 16:38 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-07-11 16:38 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-07-11 16:37 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-07-11 16:37 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-07-11 16:36 . 2008-04-13 18:41 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2010-07-11 16:35 . 2008-04-13 18:40 7040 ----a-w- c:\windows\system32\dllcache\ltotape.sys
2010-07-11 16:35 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-07-11 16:34 . 2008-04-14 00:11 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll
2010-07-11 16:34 . 2008-04-14 00:11 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll
2010-07-11 16:33 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-11 16:33 . 2008-04-14 00:11 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2010-07-11 16:33 . 2008-04-14 00:12 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2010-07-11 16:33 . 2008-04-13 18:54 88192 ----a-w- c:\windows\system32\dllcache\irda.sys
2010-07-11 16:31 . 2008-04-14 00:11 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2010-07-11 16:28 . 2008-04-13 18:40 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys
2010-07-11 16:28 . 2008-04-13 18:45 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys
2010-07-11 16:28 . 2008-04-13 18:45 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys
2010-07-11 16:24 . 2008-04-13 18:39 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys
2010-07-11 16:24 . 2008-04-13 18:40 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys
2010-07-11 16:22 . 2008-04-14 00:11 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll
2010-07-11 16:21 . 2008-04-13 18:36 13952 ----a-w- c:\windows\system32\dllcache\cmbatt.sys
2010-07-11 16:20 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-07-11 16:20 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-07-11 16:20 . 2008-04-14 00:11 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll
2010-07-11 16:18 . 2008-04-13 18:46 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys
2010-07-11 16:18 . 2008-04-13 18:46 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys
2010-07-11 16:18 . 2008-04-13 18:46 38912 ----a-w- c:\windows\system32\dllcache\avc.sys
2010-07-11 16:16 . 2008-04-13 18:46 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2010-07-11 16:16 . 2008-04-13 18:40 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-07-11 16:16 . 2008-04-13 18:46 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys
2010-06-29 12:01 . 2010-06-29 12:01 1039712 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-06-27 11:22 . 2010-07-05 17:00 234448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-24 11:51 . 2010-06-25 01:17 -------- d-----w- c:\program files\Project Clock Pro
2010-06-24 11:51 . 2010-06-24 11:51 -------- d-----w- c:\documents and settings\blainegray\Application Data\CyberMatrix
2010-06-23 01:10 . 2010-06-23 01:10 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtbD.tmp.exe
2010-06-22 12:50 . 2010-06-22 12:50 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-06-22 12:50 . 2010-06-22 12:50 26120 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-06-22 12:50 . 2010-06-22 12:50 25096 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-06-22 12:50 . 2010-06-22 12:50 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-22 12:50 . 2010-06-22 12:50 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-06-22 12:50 . 2010-06-22 12:50 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-06-22 12:50 . 2010-06-22 12:50 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-06-22 12:49 . 2010-06-22 12:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 12:48 . 2010-06-22 12:48 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-06-22 12:48 . 2010-06-22 12:48 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-06-22 12:48 . 2010-06-22 12:48 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-06-19 21:29 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-19 17:43 . 2010-06-19 17:43 -------- d-----w- c:\documents and settings\blainegray\Application Data\AVG9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 21:20 . 2007-11-17 19:55 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-07-13 21:20 . 2007-11-17 19:55 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-07-13 18:42 . 2010-03-06 18:39 0 ----a-w- c:\documents and settings\blainegray\Local Settings\Application Data\prvlcl.dat
2010-07-13 17:45 . 2008-08-21 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-13 17:05 . 2010-06-12 16:26 14848 ---h--w- C:\logicinf.bin
2010-07-13 17:04 . 2009-11-12 14:21 7304 ----a-w- c:\windows\TMP0001.TMP
2010-07-13 10:30 . 2007-12-04 21:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-12 12:57 . 2009-10-25 15:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-12 00:45 . 2005-04-01 03:56 -------- d-----w- c:\program files\Java
2010-07-12 00:29 . 2005-04-01 03:56 -------- d-----w- c:\program files\Common Files\Java
2010-07-11 17:23 . 2010-03-06 21:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 14:41 . 2009-09-03 20:35 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-07-11 14:41 . 2009-12-06 12:18 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-07-08 01:54 . 2005-07-05 00:36 -------- d-----w- c:\program files\DYMO Label
2010-07-03 18:35 . 2010-06-10 01:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-22 12:49 . 2008-09-18 14:49 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 12:49 . 2009-11-02 15:35 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-06-22 12:49 . 2008-09-18 14:49 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-19 18:03 . 2004-08-04 11:00 578560 ----a-w- c:\windows\system32\user32.dll
2010-06-19 01:05 . 2009-09-19 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-06-15 01:06 . 2009-11-02 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-12 16:23 . 2010-06-12 16:23 -------- d-----w- c:\program files\DT Utilities
2010-06-12 15:37 . 2009-08-15 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DT Utilities
2010-06-12 15:32 . 2005-04-01 03:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-12 15:27 . 2008-08-16 13:08 -------- d-----w- c:\program files\Common Files\Apple
2010-06-12 15:27 . 2005-08-18 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-12 01:28 . 2010-06-12 01:28 -------- d-----w- c:\program files\KamzyProcessWatcher
2010-06-10 01:35 . 2010-06-10 01:35 63488 ----a-w- c:\documents and settings\blainegray\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-10 01:35 . 2010-06-10 01:35 52224 ----a-w- c:\documents and settings\blainegray\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-10 01:35 . 2010-06-10 01:35 117760 ----a-w- c:\documents and settings\blainegray\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-10 01:35 . 2010-06-10 01:35 -------- d-----w- c:\documents and settings\blainegray\Application Data\SUPERAntiSpyware.com
2010-06-10 01:35 . 2010-06-10 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-01 14:00 . 2008-09-18 14:49 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-31 14:42 . 2010-03-09 21:26 -------- d-----w- c:\program files\Softland
2010-05-31 14:42 . 2009-10-25 15:42 -------- d-----w- c:\documents and settings\blainegray\Application Data\Softland
2010-05-29 02:04 . 2006-04-27 01:13 -------- d-----w- c:\program files\BCM Diagnostics Pro
2010-05-06 10:41 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 20:58 . 2010-05-31 14:43 173056 ----a-w- c:\documents and settings\blainegray\Application Data\Softland\Backup4all Professional 4\Plugins\OutlookExpressSources.dll
2010-05-04 20:58 . 2010-05-31 14:43 188416 ----a-w- c:\documents and settings\blainegray\Application Data\Softland\Backup4all Professional 4\Plugins\MicrosoftOutlookSources.dll
2010-05-02 05:22 . 2004-08-04 11:00 1851264 ------w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-03-07 03:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-07 03:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-08-04 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2003-08-27 18:19 . 2005-07-29 18:14 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 17:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-03 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3c1807pd"="c:\windows\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd" [X]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"kmw_run.exe"="c:\windows\system32\kmw_run.exe" [2005-09-01 118784]
"CPMonitor"="c:\program files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe" [2008-08-10 80368]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-01-21 28672]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2010-01-21 331776]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-06-16 624056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Snagit 9.lnk - c:\program files\TechSmith\SnagIt 9\Snagit32.exe [2009-10-15 6287176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 12:49 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
"UpdReg"="c:\windows\UpdReg.EXE"
"SM1BG"="c:\windows\SM1BG.EXE"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe"
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe"
"Act! Preloader"="c:\act!2010\Standard\ACTSTD\program files\ACT\ActInstallDir\ActSage.exe" -preload
"Act.Outlook.Service"="c:\act!2010\Standard\ACTSTD\program files\ACT\ActInstallDir\Act.Outlook.Service.exe"
"RunSetup"="c:\act!2010\Standard\ACTSTD\Setup.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Softland\\Backup4all Professional 4\\Backup4all.exe"=
"c:\\Program Files\\Softland\\Backup4all Professional 4\\b4aCmd.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\SYSTEM32\DRIVERS\AVGIDSxx.sys [11/2/2009 11:35 AM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/18/2008 10:49 AM 52872]
R0 dcsnap;dcsnap;c:\windows\SYSTEM32\DRIVERS\dcsnap.sys [9/18/2009 8:46 PM 77472]
R0 SahdIa32;HDD Filter Driver;c:\windows\SYSTEM32\DRIVERS\SahdIa32.sys [9/19/2009 3:00 PM 20464]
R0 SaibIa32;Volume Filter Driver;c:\windows\SYSTEM32\DRIVERS\SaibIa32.sys [9/19/2009 3:00 PM 15856]
R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [12/7/2008 10:26 PM 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/18/2008 10:49 AM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [9/18/2008 10:49 AM 243024]
R1 DCDisk;DCDisk;c:\windows\SYSTEM32\DRIVERS\DCDisk.sys [9/18/2009 8:46 PM 155648]
R1 SaibVd32;Virtual Disk Driver;c:\windows\SYSTEM32\DRIVERS\SaibVd32.sys [9/19/2009 3:00 PM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [8/1/2008 11:59 AM 125424]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/22/2010 8:49 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [6/1/2010 10:00 AM 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/22/2010 8:49 AM 5897808]
R2 BCMNTIO;BCMNTIO;c:\program files\BCM Diagnostics Pro\BCMNTIO.SYS [4/26/2006 9:13 PM 3744]
R2 HSMPORT;HSMPORT;c:\program files\BCM Diagnostics Pro\sysmon\HSMPORT.SYS [4/26/2006 9:14 PM 6304]
R2 MAPMEM;MAPMEM;c:\program files\BCM Diagnostics Pro\MAPMEM.SYS [4/26/2006 9:13 PM 3904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/6/2010 11:12 PM 304464]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/26/2008 10:08 PM 29178224]
R2 PurgProService;PurgPro XP Service;c:\program files\PurgeIE\PurgPro_Service.exe [7/19/2006 10:24 AM 350672]
R2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\StorageCraft\ImageManager\ImageManager.exe [7/15/2009 12:00 PM 98304]
R2 Usage Analysis Tool Remoting Service;Usage Analysis Tool Remoting Service;c:\program files\XEROX\UAT 3.0\Server\Xerox.UAT.RemotingService.exe [3/22/2007 12:38 PM 40960]
R2 Usage Analysis Tool Scheduler Service;Usage Analysis Tool Scheduler Service;c:\program files\XEROX\UAT 3.0\Server\Xerox.UAT.Scheduler.exe [3/22/2007 12:38 PM 28672]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2/18/2009 4:56 PM 1201640]
R3 Avgfwdx;Avgfwdx;c:\windows\SYSTEM32\DRIVERS\avgfwdx.sys [9/18/2008 10:48 AM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [11/2/2009 11:34 AM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [11/2/2009 11:34 AM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [11/2/2009 11:34 AM 26192]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [3/6/2010 11:12 PM 20952]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 efbDisk;efbDisk; [x]
S1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [1/20/2010 9:23 PM 81920]
S2 Backup Scheduler;Backup Scheduler;c:\program files\DT Utilities\DT Utilities PC Backup Pro\DR\CBP\DCSchdlerSRVC.exe [9/18/2009 8:46 PM 98304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 2:16 PM 135664]
S2 mgService;DT Utilities PC Backup Pro Backup/Copy Engine;c:\program files\DT Utilities\DT Utilities PC Backup Pro\mgService.exe [6/23/2009 3:28 PM 257088]
S2 Real time Backup Loader;Real time Backup Loader;c:\program files\DT Utilities\DT Utilities PC Backup Pro\DR\FsLoader.exe [9/18/2009 8:46 PM 90112]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S3 Avgfwfd;AVG network filter service;c:\windows\SYSTEM32\DRIVERS\avgfwdx.sys [9/18/2008 10:48 AM 30104]
S3 PsSdk41;PsSdk41;c:\windows\SYSTEM32\DRIVERS\pssdk41.sys [7/15/2008 11:06 AM 36928]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i ACT7 --> c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i ACT7 [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-07-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 14:54]

2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-13 c:\windows\Tasks\b4a_PC4700 Daily.job
- c:\program files\Softland\Backup4all Professional 4\b4aSchedStarter.exe [2010-05-04 20:58]

2010-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 23:39]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:15]

2010-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:15]

2010-07-12 c:\windows\Tasks\User_Feed_Synchronization-{2C17EBE8-23AB-43FE-9E32-6033DE9602BD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2010-07-13 c:\windows\Tasks\wrSpySweeper_LF3EA03D510E143A3BC478725BBF66440.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-18 20:19]

2010-07-13 c:\windows\Tasks\wrSpySweeper_LF3EA03D510E143A3BC478725BBF66440.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-18 20:19]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\PCHEALTH\HELPCTR\System\panels\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\PCHEALTH\HELPCTR\System\panels\blank.htm
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: rumormillnews.com\www
DPF: Microsoft XML Parser for Java
DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} - [You must be registered and logged in to see this link.]
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - [You must be registered and logged in to see this link.]
DPF: {DE833CC3-52E7-4C9A-BDC4-8EC24B422A2B} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\blainegray\Application Data\Mozilla\Firefox\Profiles\v0u7wkd8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-07-13 17:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-142283734-1097928129-3353262864-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(2020)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\blainegray\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\blainegray\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\blainegray\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-13 17:46:46
ComboFix-quarantined-files.txt 2010-07-13 21:46
ComboFix2.txt 2010-06-19 18:22

Pre-Run: 119,812,468,736 bytes free
Post-Run: 119,991,582,720 bytes free

- - End Of File - - 5438667115452CEBB5D7B073F09875A9

2010-06-19 18:20:59 . 2010-06-19 18:20:59 554 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-svcWRSSSDK.reg.dat
2010-06-19 18:20:44 . 2010-06-19 18:20:44 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2010-06-19 18:20:44 . 2010-06-19 18:20:44 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}.reg.dat
2010-06-19 18:04:05 . 2010-06-19 18:04:05 3,292 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_6to4.reg.dat
2010-06-19 18:04:05 . 2010-06-19 18:04:05 990 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_6TO4.reg.dat
2010-06-19 18:03:53 . 2010-07-13 21:39:35 5,223 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-06-19 17:44:13 . 2010-07-13 21:31:29 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-06-19 17:39:41 . 2010-06-19 17:39:41 32,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hgtd.ruy.vir
2010-06-19 17:39:41 . 2010-06-19 17:39:41 65,024 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\h7t.wt.vir
2010-06-11 01:57:45 . 2010-06-11 01:57:45 20 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SYSTEM.vir
2010-03-06 19:58:54 . 2010-03-06 19:58:54 5,819 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\blainegray\Local Settings\Temporary Internet Files\Nkyaa0.jpg.vir
2010-03-06 19:58:54 . 2010-03-06 19:58:54 2,259 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\blainegray\Local Settings\Temporary Internet Files\8lOx7j.jpg.vir
2010-03-06 19:58:54 . 2010-03-06 19:58:54 776 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\blainegray\Local Settings\Temporary Internet Files\l2xNaP.jpg.vir
2010-03-06 19:58:54 . 2010-03-06 19:58:54 949 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\blainegray\Local Settings\Temporary Internet Files\0M7nml.jpg.vir
2006-07-18 19:40:25 . 2006-07-18 19:53:24 1,931 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\ACT! 2006 \Uninstall.lnk.vir
2006-04-19 20:35:23 . 2006-04-19 20:55:47 1,931 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\blainegray\Start Menu\Programs\ACT! 2006 \Uninstall.lnk.vir
2005-07-10 15:55:44 . 2009-10-20 20:28:13 0 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\WIN.INI.vir
2005-04-01 03:58:37 . 2004-06-10 16:37:00 11,766 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\SETTINGS.REG.vir
2004-08-04 11:00:00 . 2008-04-14 00:12:08 578,560 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\nypzlki.vir
2004-08-04 11:00:00 . 2010-06-19 17:39:38 578,560 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir.vir
2002-09-05 20:00:40 . 2002-09-05 20:13:36 147 -c--a-w- C:\Qoobox\Quarantine\C\Program Files\INSTALL.LOG.vir
1980-01-01 06:00:00 . 2008-04-13 18:40:30 96,512 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\atapi.sys.vir

blainegray
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2010-07-11
Gender : Male
OS : Windows XP SP3

View user profile

Back to top Go down

Re: Remove cdrom.sys Trojan.Patched

Post by Sneakyone on Wed Jul 14, 2010 12:35 am

Hi, Smile

Download [You must be registered and logged in to see this link.] and save it to your Desktop.


  • Right click on the file and choose extract all extract the file to your desktop then run it.
  • If prompted to restart the computer type in Y then it will restart.
  • Or if you are prompted with a hidden service warning do go ahead and delete it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log


========

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Status :
Online
Offline

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

View user profile

Back to top Go down

Re: Remove cdrom.sys Trojan.Patched

Post by blainegray on Sat Jul 17, 2010 1:32 pm

Greetings
I took a while to get the mbam report. The software is not doing its scheduled scans and it takes a long time to get the full scan.
I also added the the tdss scan results.
Blaine

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4314

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/17/2010 8:55:19 AM
mbam-log-2010-07-17 (08-55-19).txt

Scan type: Full scan (C:\|)
Objects scanned: 273287
Time elapsed: 1 hour(s), 31 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


20:46:37:171 3532 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
20:46:37:171 3532 ================================================================================
20:46:37:171 3532 SystemInfo:

20:46:37:171 3532 OS Version: 5.1.2600 ServicePack: 3.0
20:46:37:171 3532 Product type: Workstation
20:46:37:171 3532 ComputerName: PC4700
20:46:37:171 3532 UserName: blainegray
20:46:37:171 3532 Windows directory: C:\WINDOWS
20:46:37:171 3532 System windows directory: C:\WINDOWS
20:46:37:171 3532 Processor architecture: Intel x86
20:46:37:171 3532 Number of processors: 2
20:46:37:171 3532 Page size: 0x1000
20:46:37:171 3532 Boot type: Normal boot
20:46:37:171 3532 ================================================================================
20:46:38:078 3532 Initialize success
20:46:38:078 3532
20:46:38:078 3532 Scanning Services ...
20:46:38:515 3532 Raw services enum returned 444 services
20:46:38:531 3532
20:46:38:531 3532 Scanning Drivers ...
20:46:39:375 3532 3c1807pd (20598faa1765af9495760c368b7156f0) C:\WINDOWS\system32\DRIVERS\3c1807pd.sys
20:46:39:484 3532 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:46:39:515 3532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:46:39:578 3532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:46:39:609 3532 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:46:39:671 3532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:46:39:718 3532 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
20:46:39:781 3532 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:46:39:812 3532 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:46:39:828 3532 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:46:39:859 3532 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:46:39:875 3532 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:46:39:906 3532 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:46:39:937 3532 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:46:39:953 3532 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:46:39:984 3532 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:46:40:000 3532 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:46:40:031 3532 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:46:40:046 3532 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:46:40:109 3532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:46:40:140 3532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:46:40:312 3532 ati2mtag (c06659ff381423d6cb19a91c2a2f80ad) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:46:40:375 3532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:46:40:437 3532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:46:40:484 3532 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:46:40:484 3532 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:46:40:578 3532 AVGIDSDriverxpx (97670687f6c8f35e7b611f2ce1f94472) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys
20:46:40:625 3532 AVGIDSErHrxpx (277fc6b0f0be23bae7e63f184034b2fe) C:\WINDOWS\system32\Drivers\AVGIDSxx.sys
20:46:40:640 3532 AVGIDSFilterxpx (dba65f23b686bdf043bbb54e55c72887) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys
20:46:40:671 3532 AVGIDSShimxpx (a552461aab7a36c2465ff19e59af08bf) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys
20:46:40:703 3532 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
20:46:40:765 3532 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
20:46:40:796 3532 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
20:46:40:859 3532 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
20:46:40:953 3532 BCMNTIO (90a87d49205b3893281203a477f66fe5) C:\Program Files\BCM Diagnostics Pro\BCMNTIO.SYS
20:46:41:000 3532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:46:41:125 3532 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:46:41:156 3532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:46:41:171 3532 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:46:41:218 3532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:46:41:281 3532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:46:41:312 3532 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
20:46:41:343 3532 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) C:\WINDOWS\system32\drivers\Cdralw2k.sys
20:46:41:375 3532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:46:41:421 3532 cdudf_xp (453ee75b9164fee7bce6a0168abe9d43) C:\WINDOWS\system32\drivers\cdudf_xp.sys
20:46:41:515 3532 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\system32\drivers\Cinemsup.sys
20:46:41:578 3532 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:46:41:593 3532 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:46:41:640 3532 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:46:41:703 3532 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
20:46:41:750 3532 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:46:41:781 3532 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:46:41:875 3532 DCDisk (11179bba0c9840f7f44cb786b5228bfa) C:\WINDOWS\system32\drivers\DCDisk.sys
20:46:41:953 3532 dcsnap (029f86c522b792e926cd05efadc01871) C:\WINDOWS\system32\drivers\dcsnap.sys
20:46:42:000 3532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:46:42:062 3532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:46:42:156 3532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:46:42:187 3532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:46:42:218 3532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:46:42:234 3532 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:46:42:265 3532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:46:42:312 3532 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
20:46:42:437 3532 DVDVRRdr_xp (1d5eda9961b16b8e800639038d7492ad) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
20:46:42:515 3532 dvd_2K (dd031ff015b22b4d1560510df0f21fe6) C:\WINDOWS\system32\drivers\dvd_2K.sys
20:46:42:593 3532 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:46:42:687 3532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:46:42:734 3532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:46:43:062 3532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:46:43:203 3532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:46:43:234 3532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:46:43:281 3532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:46:43:312 3532 FTDIBUS (47b9cf937ac479046da289bd5a769ce9) C:\WINDOWS\system32\drivers\ftdibus.sys
20:46:43:328 3532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:46:43:359 3532 FTSER2K (216b9a2191676034999785c7f94fa5d6) C:\WINDOWS\system32\drivers\ftser2k.sys
20:46:43:406 3532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:46:43:453 3532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:46:43:500 3532 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
20:46:43:546 3532 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:46:43:578 3532 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:46:43:625 3532 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
20:46:43:687 3532 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:46:43:812 3532 HSMPORT (6c4dbeab3acdc64422adffd1ca75a9fe) C:\Program Files\BCM Diagnostics Pro\SYSMON\HSMPORT.SYS
20:46:43:875 3532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:46:43:906 3532 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:46:43:953 3532 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:46:43:968 3532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:46:44:000 3532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
20:46:44:000 3532 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:46:44:015 3532 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:46:44:031 3532 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:46:44:078 3532 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:46:44:125 3532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:46:44:125 3532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:46:44:156 3532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:46:44:171 3532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:46:44:203 3532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:46:44:218 3532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:46:44:250 3532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:46:44:265 3532 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:46:44:296 3532 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
20:46:44:312 3532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:46:44:343 3532 KMW_KBD (7f52061e32e4bb0905a76ef33dffa8f7) C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
20:46:44:390 3532 KMW_SYS (030d22f98060c6ccabb72ddb49dcc2ce) C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
20:46:44:421 3532 KMW_USB (196477579c1bf36cd8d2c11a8d4c6023) C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
20:46:44:468 3532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:46:44:562 3532 MAPMEM (61330a29bd4230505a7618bc41693cbb) C:\Program Files\BCM Diagnostics Pro\MAPMEM.SYS
20:46:44:593 3532 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
20:46:44:625 3532 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:46:44:671 3532 mmc_2K (58955da604fa306f84e90f830f5c11b2) C:\WINDOWS\system32\drivers\mmc_2K.sys
20:46:44:734 3532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:46:44:765 3532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:46:44:812 3532 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:46:44:859 3532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:46:44:906 3532 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:46:44:921 3532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:46:44:937 3532 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:46:44:953 3532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:46:44:984 3532 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:46:45:031 3532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:46:45:046 3532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:46:45:078 3532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:46:45:093 3532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:46:45:140 3532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:46:45:156 3532 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
20:46:45:187 3532 NaiAvFilter1 (affd46144d763d9046673dd2d012cff9) C:\WINDOWS\system32\drivers\naiavf5x.sys
20:46:45:203 3532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:46:45:234 3532 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:46:45:250 3532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:46:45:265 3532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:46:45:281 3532 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
20:46:45:328 3532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:46:45:359 3532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:46:45:375 3532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:46:45:421 3532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:46:45:468 3532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:46:45:562 3532 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:46:45:625 3532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:46:45:625 3532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:46:45:640 3532 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
20:46:45:703 3532 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
20:46:45:734 3532 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
20:46:45:812 3532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:46:45:828 3532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:46:45:859 3532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:46:45:875 3532 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:46:45:906 3532 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:46:45:921 3532 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:46:45:984 3532 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:46:46:000 3532 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:46:46:000 3532 PfModNT (d9ed17ac15720096a9f92ff4ea587b09) C:\WINDOWS\system32\drivers\PfModNT.sys
20:46:46:015 3532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:46:46:062 3532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:46:46:078 3532 PsSdk41 (0c234a4a2fbab98e5e1bafaf3e3e403a) C:\WINDOWS\system32\Drivers\pssdk41.sys
20:46:46:125 3532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:46:46:171 3532 pwd_2k (a57885ecdee5719a776a4202737fe347) C:\WINDOWS\system32\drivers\pwd_2k.sys
20:46:46:203 3532 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:46:46:203 3532 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:46:46:234 3532 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:46:46:250 3532 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:46:46:265 3532 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:46:46:296 3532 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:46:46:312 3532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:46:46:359 3532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:46:46:375 3532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:46:46:390 3532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:46:46:421 3532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:46:46:437 3532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:46:46:453 3532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:46:46:484 3532 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
20:46:46:515 3532 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:46:46:562 3532 RxFilter (0501074a2f29250932e34ca4a844a0f5) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
20:46:46:625 3532 SABKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:46:46:687 3532 SahdIa32 (aaa04ca9a0b26127fc6b7f46a4df9059) C:\WINDOWS\system32\Drivers\SahdIa32.sys
20:46:46:703 3532 SaibIa32 (22828c861c0b738af83235c7603cd1ad) C:\WINDOWS\system32\Drivers\SaibIa32.sys
20:46:46:718 3532 SaibVd32 (d65272ab772dbd18832704a79f102fef) C:\WINDOWS\system32\Drivers\SaibVd32.sys
20:46:46:734 3532 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:46:46:765 3532 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:46:46:796 3532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:46:46:828 3532 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:46:46:843 3532 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:46:46:859 3532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:46:46:890 3532 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:46:46:906 3532 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:46:46:937 3532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:46:46:953 3532 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:46:47:000 3532 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
20:46:47:031 3532 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
20:46:47:046 3532 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
20:46:47:062 3532 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
20:46:47:093 3532 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\WINDOWS\system32\Drivers\sskbfd.sys
20:46:47:140 3532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:46:47:156 3532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:46:47:171 3532 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:46:47:187 3532 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:46:47:203 3532 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:46:47:218 3532 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:46:47:234 3532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:46:47:265 3532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:46:47:296 3532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:46:47:328 3532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:46:47:359 3532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:46:47:375 3532 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:46:47:421 3532 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
20:46:47:453 3532 UDFReadr (fd0b16f8828f360390135031d8924ccd) C:\WINDOWS\system32\drivers\UDFReadr.sys
20:46:47:484 3532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:46:47:500 3532 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:46:47:546 3532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:46:47:593 3532 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:46:47:625 3532 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:46:47:640 3532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:46:47:656 3532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:46:47:671 3532 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:46:47:687 3532 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:46:47:703 3532 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:46:47:718 3532 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
20:46:47:750 3532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:46:47:781 3532 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:46:47:796 3532 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:46:47:812 3532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:46:47:828 3532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:46:47:859 3532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:46:47:906 3532 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:46:47:968 3532 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:46:47:984 3532 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:46:48:000 3532
20:46:48:000 3532 Completed
20:46:48:000 3532
20:46:48:000 3532 Results:
20:46:48:000 3532 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:46:48:000 3532 File objects infected / cured / cured on reboot: 0 / 0 / 0
20:46:48:000 3532
20:46:48:000 3532 KLMD(ARK) unloaded successfully

blainegray
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2010-07-11
Gender : Male
OS : Windows XP SP3

View user profile

Back to top Go down

Re: Remove cdrom.sys Trojan.Patched

Post by Sneakyone on Sun Jul 18, 2010 2:12 am

Hi, Smile

Please run a free online scan with the [You must be registered and logged in to see this link.]
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Status :
Online
Offline

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

View user profile

Back to top Go down

Re: Remove cdrom.sys Trojan.Patched

Post by blainegray on Sun Jul 18, 2010 5:45 pm

Greetings
Here are the results of the ESET scan:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e7062c52eb115e4581eb55db21579e4b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-18 05:37:31
# local_time=2010-07-18 01:37:31 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1031 16777173 100 93 0 21373338 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120163
# found=4
# cleaned=4
# scan_time=7263
C:\Documents and Settings\blainegray\Application Data\Sun\Java\Deployment\cache\6.0\4\436a0444-69bc1bed a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\My Download Files\Dell\DellSupportSilentInstall.EXE probably a variant of Win32/Adware.Agent application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir.vir Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\atapi.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C

blainegray
Novice
Novice

Status :
Online
Offline

Posts : 7
Joined : 2010-07-11
Gender : Male
OS : Windows XP SP3

View user profile

Back to top Go down

Re: Remove cdrom.sys Trojan.Patched

Post by Sneakyone on Sun Jul 18, 2010 5:52 pm

Hi, Smile

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download [You must be registered and logged in to see this link.] by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: [You must be registered and logged in to see this link.]

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=========

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspious.

2. Don't use torrents they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens they are illegal and are another good way to contract malware.

4. Disable autorun [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install you can make sure it is not know for being a virus by just simply searching about it on google.

8. Use a Site Advisor so you don't go to sites that will infect you. [You must be registered and logged in to see this link.]

9. Also there are many holes and flaws in Internet Explorer I recommend using [You must be registered and logged in to see this link.] to keep you more safe.

10. Always keep your [You must be registered and logged in to see this link.] and Adobe updated.

11. Don't fall for the Scareware. What is Scareware? it is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and a Antivirus.

Thanks for choosing GeekPolice, see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit [You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.

Sneakyone
Master
Master

Status :
Online
Offline

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum