Hidden malware - Please help

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Hidden malware - Please help

Post by furns on Thu 21 Jul 2011, 11:31 am

Gday,
A few weeks back my laptop became infected with some malware, my cpu was being maxed out by svchost.exe processes, I was constantly getting google search redirects (i use chrome) and a Just-in-time debugging window would constantly pop up.
I downloaded Malwarebytes and did a cleanup, then did a system scan with Zonealarm Extreme Security which found a number of trojans and it seemed to fix most things except the svchost issue.
Then the redirects and debugging window popups returned, I performed another cleanup which removed more trojans and again, however I am still getting svchost issues and I can bet that the other issues will return.
Also on rebooting my computer, it is quite slow compared to how it usually boots up and sometimes when I go to open programs they wont open. I can doubleclick them, the process opens in task manager, but then it sits at 0% cpu usage and just stays there.

I will attach my last MBAM log so you can see what was cleaned out


Malwarebytes' Anti-Malware 1.51.1.1800
[You must be registered and logged in to see this link.]

Database version: 7179

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

7/18/2011 3:46:54 PM
mbam-log-2011-07-18 (15-46-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 370210
Time elapsed: 2 hour(s), 52 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UU9W7W0EVIWEUA7WKSLCFU (Spyware.Passwords.XGen) -> Value: UU9W7W0EVIWEUA7WKSLCFU -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\89DGCM7LPJ (Trojan.FraudPack.Gen) -> Value: 89DGCM7LPJ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{37CE2CFE-AB64-F6EE-84DD-B1201AA57077} (Trojan.ZbotR.Gen) -> Value: {37CE2CFE-AB64-F6EE-84DD-B1201AA57077} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\process\fc78ba65341.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Lvg.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Lvi.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

Thanks in advance for any help you guys can give me.

furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Thu 21 Jul 2011, 11:36 am

here are OTL, MBR and Security check logs


OTL logfile created on: 7/21/2011 7:55:53 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Flickels\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 58.25% Memory free
2.70 Gb Paging File | 1.80 Gb Available in Paging File | 66.76% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.01 Gb Total Space | 1.12 Gb Free Space | 3.03% Space Free | Partition Type: NTFS
Drive F: | 73.24 Gb Total Space | 5.79 Gb Free Space | 7.90% Space Free | Partition Type: NTFS
Drive G: | 40.00 Gb Total Space | 26.20 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive H: | 73.06 Gb Total Space | 3.50 Gb Free Space | 4.80% Space Free | Partition Type: NTFS

Computer Name: GRANT | User Name: Flickels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 23:09:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Flickels\My Documents\Downloads\OTL.com
PRC - [2011/06/11 02:26:00 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/03/22 04:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/29 02:54:52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/08/29 02:53:14 | 001,039,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/08/27 19:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/08/27 19:34:00 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/08/21 18:15:32 | 000,900,816 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2009/07/29 01:09:50 | 000,190,024 | ---- | M] (Patchou) -- C:\Program Files\MessengerPlus! 3\MsgPlus.exe
PRC - [2008/08/14 10:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/26 07:07:16 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2005/11/11 04:24:50 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/08/11 04:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/08/06 04:18:38 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/08/01 23:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/16 04:52:42 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/07/08 00:13:14 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/06/01 15:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/06/01 14:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/27 10:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 18:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/26 09:23:10 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2004/10/14 17:28:02 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/05/21 00:30:02 | 000,074,240 | ---- | M] (Cypherix) -- C:\WINDOWS\system32\ssoftsrv.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 23:09:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Flickels\My Documents\Downloads\OTL.com
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2011/05/14 01:12:34 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
MOD - [2010/08/27 19:34:08 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2010/08/27 19:33:58 | 000,562,664 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll
MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/29 01:09:53 | 000,058,952 | ---- | M] (Patchou) -- C:\Program Files\MessengerPlus! 3\MsgPlusLoader.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Auto | Stopped] -- -- (hpqddsvc)
SRV - File not found [On_Demand | Stopped] -- -- (hpqcxs08)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/08/29 02:54:52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/08/27 19:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2005/08/11 04:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/08 00:13:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/05/21 00:30:02 | 000,074,240 | ---- | M] (Cypherix) [Auto | Running] -- C:\WINDOWS\System32\ssoftsrv.exe -- (ssoftservice)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/08/27 19:33:54 | 000,035,568 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2010/08/27 19:33:54 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/07/30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/06/09 19:16:12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/18 19:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 19:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 19:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/21 12:04:22 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/10/12 18:15:30 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/12 18:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 22:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2005/11/16 10:40:24 | 000,043,264 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/15 11:00:22 | 001,122,656 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/10 18:44:12 | 004,064,256 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/21 08:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/12 19:08:30 | 000,468,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/08/04 07:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/01 23:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 23:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 23:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 23:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 23:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 23:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 23:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/08 03:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/08 03:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/08/04 08:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/21 00:30:02 | 000,114,944 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ssoftnt4.sys -- (ssoftnt4)
DRV - [2003/09/19 19:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/06/26 14:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

[2011/02/18 09:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/14 20:00:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 09:48:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 17:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/26 12:46:29 | 000,436,434 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 192.168.2.2 HP001CC4496485
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15051 more lines...
O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Flickels\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Flickels\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Flickels\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/22 23:28:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/22 20:56:58 | 000,000,055 | ---- | M] () - C:\AUTOEXEC.SOL -- [ NTFS ]
O32 - AutoRun File - [2007/08/06 09:03:36 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4b475954-38df-11dd-b4ee-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{4b475954-38df-11dd-b4ee-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b475954-38df-11dd-b4ee-0016e30e88c5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4b475955-38df-11dd-b4ee-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{4b475955-38df-11dd-b4ee-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b475955-38df-11dd-b4ee-0016e30e88c5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5523884d-36e8-11dd-b4e8-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{5523884d-36e8-11dd-b4e8-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5523884d-36e8-11dd-b4e8-0016e30e88c5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{71220a29-d865-11dc-b48f-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{71220a29-d865-11dc-b48f-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71220a29-d865-11dc-b48f-0016e30e88c5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe
O33 - MountPoints2\{8b829280-3557-11dd-b4e4-0016e30e88c5}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe
O33 - MountPoints2\{c49a3e12-3609-11dd-b4e6-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{c49a3e12-3609-11dd-b4e6-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c49a3e12-3609-11dd-b4e6-0016e30e88c5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f2d59f91-a7ad-11dd-b541-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{f2d59f91-a7ad-11dd-b541-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f2d59f91-a7ad-11dd-b541-0016e30e88c5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {55ADC5F7-A848-4AE4-B8C2-E94FFCCB0DF7} -
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8B05E374-DEBD-BDE2-51B5-6862D76161CB} - Internet Explorer Version Update
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 17:21:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Flickels\Recent
[2011/07/15 18:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/07/13 06:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flickels\Application Data\Obsu
[2011/07/13 06:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flickels\Application Data\Gutar
[2011/07/01 11:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2011/07/01 11:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flickels\My Documents\DVDVideoSoft
[2011/07/01 11:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flickels\Application Data\DVDVideoSoft
[2011/07/01 11:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/07/01 11:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/06/26 18:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flickels\Application Data\Malwarebytes
[2011/06/26 18:04:04 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/26 18:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/26 18:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/26 18:03:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/26 18:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/26 14:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
[2011/06/26 14:02:50 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\kl1.sys
[2011/06/26 14:02:36 | 000,317,072 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/06/26 12:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/26 12:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/26 11:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/26 11:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/26 11:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/06/26 11:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/26 10:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/25 11:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flickels\Application Data\SUPERAntiSpyware.com
[2011/06/25 11:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/25 11:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/25 11:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2005/11/29 08:01:22 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/21 07:14:04 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3104764887-2994076566-3931121267-1006Core.job
[2011/07/21 07:14:02 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3104764887-2994076566-3931121267-1006UA.job
[2011/07/20 23:16:22 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/07/20 23:02:28 | 000,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2011/07/20 22:59:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/20 22:56:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/20 22:56:04 | 2011,402,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/20 21:59:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/20 08:41:23 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/07/18 03:00:04 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Defrag.job
[2011/07/17 22:40:50 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 07:10:37 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Flickels\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/14 07:10:35 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\Flickels\Desktop\Google Chrome.lnk
[2011/07/08 07:58:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/08 06:20:46 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\Flickels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/01 11:08:06 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Flickels\Desktop\DVDVideoSoft Free Studio.lnk
[2011/07/01 11:08:04 | 000,000,990 | ---- | M] () -- C:\Documents and Settings\Flickels\Desktop\Free Audio Converter.lnk
[2011/06/26 14:03:45 | 000,425,816 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/06/26 14:03:17 | 000,000,144 | ---- | M] () -- C:\WINDOWS\System32\lkfl.dat
[2011/06/26 14:03:16 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\ibfl.dat
[2011/06/26 14:02:53 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Flickels\Desktop\ZoneAlarm Security.lnk
[2011/06/26 13:50:52 | 000,132,278 | ---- | M] () -- C:\Documents and Settings\Flickels\My Documents\cc_regbackup_20110626_135035.reg
[2011/06/26 12:46:29 | 000,436,434 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/26 12:37:22 | 000,000,982 | ---- | M] () -- C:\Documents and Settings\Flickels\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2011/06/26 12:37:22 | 000,000,978 | ---- | M] () -- C:\Documents and Settings\Flickels\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/26 12:37:22 | 000,000,960 | ---- | M] () -- C:\Documents and Settings\Flickels\Desktop\Spybot - Search & Destroy.lnk
[2011/06/26 11:01:11 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/25 11:03:42 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/21 09:42:06 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/01 11:08:06 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\Flickels\Desktop\DVDVideoSoft Free Studio.lnk
[2011/07/01 11:08:04 | 000,000,990 | ---- | C] () -- C:\Documents and Settings\Flickels\Desktop\Free Audio Converter.lnk
[2011/06/26 18:04:04 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 14:03:16 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/06/26 14:03:16 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/06/26 14:03:16 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2011/06/26 14:02:53 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Flickels\Desktop\ZoneAlarm Security.lnk
[2011/06/26 13:50:47 | 000,132,278 | ---- | C] () -- C:\Documents and Settings\Flickels\My Documents\cc_regbackup_20110626_135035.reg
[2011/06/26 12:37:22 | 000,000,982 | ---- | C] () -- C:\Documents and Settings\Flickels\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2011/06/26 12:37:22 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\Flickels\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/26 12:37:22 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\Flickels\Desktop\Spybot - Search & Destroy.lnk
[2011/06/26 11:01:11 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/25 11:03:42 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/25 10:39:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/21 09:42:05 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/21 09:42:05 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/02/28 10:49:00 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/28 10:48:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/02/28 10:48:44 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/28 10:48:44 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/28 10:48:42 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/06 10:54:08 | 000,003,623 | ---- | C] () -- C:\WINDOWS\System32\RDDlg.dat
[2010/12/27 00:37:01 | 000,180,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/27 00:36:59 | 000,295,742 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3104764887-2994076566-3931121267-1006-0.dat
[2010/12/27 00:36:58 | 000,295,742 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/11 22:36:07 | 000,022,152 | ---- | C] () -- C:\WINDOWS\System32\driver-flasher-3.5.exe
[2010/04/14 10:12:42 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 15:21:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/18 19:14:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010/01/18 17:12:14 | 000,176,335 | ---- | C] () -- C:\WINDOWS\hpoins35.dat
[2010/01/18 17:12:14 | 000,001,062 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat
[2009/11/26 15:29:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COMPANIONAPP.INI
[2009/11/26 15:15:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Flickels\Application Data\$_hpcst$.hpc
[2009/09/27 03:24:26 | 000,063,608 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/27 20:10:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/07/27 20:09:30 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/12/31 16:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 16:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/09/17 07:32:00 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\content.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/27 04:47:58 | 000,001,781 | ---- | C] () -- C:\WINDOWS\1234.exe
[2008/04/26 02:10:04 | 000,001,781 | ---- | C] () -- C:\WINDOWS\commands.exe
[2008/02/15 02:10:12 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/28 03:23:19 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Flickels\Local Settings\Application Data\fusioncache.dat
[2007/09/28 02:28:07 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/09/28 02:26:20 | 000,000,734 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/19 13:25:27 | 000,000,090 | ---- | C] () -- C:\WINDOWS\pccillin.ini
[2007/05/29 12:44:18 | 000,921,088 | ---- | C] () -- C:\WINDOWS\MobileLock.exe
[2007/01/01 17:02:47 | 000,032,305 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2006/07/15 22:48:11 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/06 08:18:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/06 08:16:41 | 000,002,951 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/06/18 17:58:57 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\Flickels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/17 13:03:08 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\CEE6BE99A1.sys
[2006/06/16 00:29:02 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/05/25 08:47:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/05/04 12:39:13 | 000,001,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/16 10:14:13 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2006/04/16 10:14:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2006/04/16 10:14:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/04/16 10:13:47 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/04/16 10:13:47 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2005/11/29 08:10:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/29 08:01:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/25 04:53:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/25 04:50:44 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/25 04:50:44 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/25 04:50:03 | 000,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/25 04:48:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/25 04:48:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/25 04:48:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/25 04:48:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/25 04:48:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/25 04:48:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/24 15:19:28 | 000,000,140 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/11/24 15:19:23 | 000,000,140 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/11/24 15:19:20 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/24 15:19:20 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/24 15:18:38 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/11/24 15:18:38 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/24 15:18:37 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/11/24 15:18:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/11/24 14:16:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/24 13:29:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/24 13:27:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/24 13:23:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/24 12:11:45 | 000,001,153 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/24 12:11:32 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/24 12:11:31 | 000,506,640 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/11/24 12:11:31 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/11/24 12:11:31 | 000,088,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/11/24 12:11:31 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/11/24 12:11:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/11/24 12:11:30 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/11/24 12:11:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/24 12:11:27 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/11/24 12:11:27 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/11/24 12:11:24 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/11/24 12:11:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/11/24 05:19:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/24 05:18:16 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/11 16:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/11 00:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/05/21 00:30:02 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\ssoftnt4.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/08/10 16:09:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\rmvpeye.exe
[2000/07/28 20:48:12 | 000,102,400 | ---- | C] () -- C:\WINDOWS\japi.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >


furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Thu 21 Jul 2011, 11:46 am

< %PROGRAMFILES%\*. >
[2011/06/21 09:41:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/12/03 16:18:24 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/09/03 00:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2006/04/16 10:14:02 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2009/07/27 19:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/04/25 17:42:22 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/09/05 00:14:55 | 000,000,000 | ---D | M] -- C:\Program Files\AudioShell
[2011/04/30 12:32:48 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/06/26 11:00:58 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/12/12 11:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2011/07/01 11:07:44 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/11/24 13:23:45 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/07/30 20:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\CPUID
[2010/12/25 09:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011/07/01 11:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2005/11/25 04:48:45 | 000,000,000 | ---D | M] -- C:\Program Files\DVD-RAM
[2011/07/01 11:07:44 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2010/03/17 01:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2011/02/28 10:27:20 | 000,000,000 | ---D | M] -- C:\Program Files\Free Download Manager
[2011/06/05 13:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2010/12/25 09:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2010/01/18 18:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/09/30 17:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/06/15 20:54:53 | 000,000,000 | ---D | M] -- C:\Program Files\IncrediMail
[2011/02/18 09:21:02 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/06/16 01:39:11 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/11/25 04:50:27 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2011/06/18 11:36:39 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/06/18 11:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/06/18 10:15:57 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/02/28 10:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2010/04/25 17:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\Kreatives.org
[2010/05/18 22:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\Lame for Audacity
[2005/11/24 15:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2010/11/11 22:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\maemo
[2011/07/18 02:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/30 22:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/09/07 17:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2009/07/29 01:10:09 | 000,000,000 | ---D | M] -- C:\Program Files\MessengerPlus! 3
[2009/07/28 11:08:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/09/29 02:29:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/08/03 03:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/11/24 13:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/07/30 19:05:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/11 16:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/06/16 08:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/28 11:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/07/28 11:06:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2006/05/01 20:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/07/30 20:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/12/25 09:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 03:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/02/18 09:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/21 15:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mp3tag
[2009/07/28 11:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/30 18:01:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/11/24 13:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/11/24 13:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/10/15 03:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/10/25 02:30:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/10/07 16:42:53 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2008/09/30 22:15:26 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/05/11 23:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2006/07/13 22:13:29 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/17 02:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/05/11 23:28:31 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2010/09/07 15:46:02 | 000,000,000 | ---D | M] -- C:\Program Files\PC User Audio Toolkit
[2011/06/15 20:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Notifier and Animation Creator
[2011/01/24 14:00:30 | 000,000,000 | ---D | M] -- C:\Program Files\PS3 Media Server
[2010/12/26 23:46:31 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/11/24 15:17:46 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/07/28 11:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/17 20:10:24 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
[2008/01/09 19:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
[2010/04/11 15:20:33 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2006/10/03 12:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 7
[2005/11/25 04:50:10 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2011/06/26 12:43:33 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2006/10/22 23:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\SRN Micro
[2011/06/25 11:04:51 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2005/11/24 15:17:36 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/04/16 10:15:32 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2005/11/24 13:28:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/03/28 17:47:23 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/07/28 13:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/07/30 18:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2011/06/15 20:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2008/06/09 21:52:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2009/07/28 11:03:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/07/28 11:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2009/07/28 01:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/07/28 01:05:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/07/13 22:13:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/11/24 13:24:33 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/01/13 18:36:31 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2005/11/24 13:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/01/06 23:05:55 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/07/28 16:17:22 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs


< MD5 for: AGP440.SYS >
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys


< MD5 for: ATAPI.SYS >
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2008/04/14 04:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 04:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/14 04:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-19 22:47:19

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/09 14:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 14:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 14:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 14:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/09 14:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/21 20:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/09 14:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 14:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 14:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 14:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/09 14:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/21 20:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D

< End of report >


OTL Extras logfile created on: 7/21/2011 7:55:53 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Flickels\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 58.25% Memory free
2.70 Gb Paging File | 1.80 Gb Available in Paging File | 66.76% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.01 Gb Total Space | 1.12 Gb Free Space | 3.03% Space Free | Partition Type: NTFS
Drive F: | 73.24 Gb Total Space | 5.79 Gb Free Space | 7.90% Space Free | Partition Type: NTFS
Drive G: | 40.00 Gb Total Space | 26.20 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive H: | 73.06 Gb Total Space | 3.50 Gb Free Space | 4.80% Space Free | Partition Type: NTFS

Computer Name: GRANT | User Name: Flickels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" %*
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Flickels\Local Settings\Temp\7zS1BC7\setup\hpznui01.exe" = C:\Documents and Settings\Flickels\Local Settings\Temp\7zS1BC7\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Flickels\Local Settings\Temp\7zS40E7\setup\hpznui01.exe" = C:\Documents and Settings\Flickels\Local Settings\Temp\7zS40E7\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\{71C4F928-136A-4222-A191-310E081FB96B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{71C4F928-136A-4222-A191-310E081FB96B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Flickels\Desktop\Music\paint shop pro Keygen.exe" = C:\Documents and Settings\Flickels\Desktop\Music\paint shop pro Keygen.exe:*:Enabled:paint shop pro Keygen
"C:\WINDOWS\system32\winctl32.exe" = C:\WINDOWS\system32\winctl32.exe:*:Enabled:winctl32
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\SRN Micro\SOLOCFG.EXE" = C:\Program Files\SRN Micro\SOLOCFG.EXE:*:Enabled:Solo Scheduler
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater
"D:\setup\HPZnet01.exe" = D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
"C:\WINDOWS\system32\bot.exe" = C:\WINDOWS\system32\bot.exe:*:Enabled:bot
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner
"C:0\Program Files\IncrediMail\bin\ImApp.exe" = C:0\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
"C:0\Program Files\IncrediMail\bin\IncMail.exe" = C:0\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Flickels\Local Settings\Temp\7zS1BC7\setup\hpznui01.exe" = C:\Documents and Settings\Flickels\Local Settings\Temp\7zS1BC7\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Documents and Settings\Flickels\Local Settings\Temp\7zS40E7\setup\hpznui01.exe" = C:\Documents and Settings\Flickels\Local Settings\Temp\7zS40E7\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\{71C4F928-136A-4222-A191-310E081FB96B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{71C4F928-136A-4222-A191-310E081FB96B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver 14.0 Rel. 5
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F0154-4AAA-4719-BFAE-01C3066B8408}" = C309a
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BBF08789-06CB-4D2F-9330-CD617AFDE528}" = Fax
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ashampoo Music Studio 2009_is1" = Ashampoo Music Studio 2009
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.4
"AudioShell_is1" = AudioShell 1.3.5
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"FileZilla Client" = FileZilla Client 3.3.2
"Free Audio Converter_is1" = Free Audio Converter version 2.2.19.602
"Free Download Manager_is1" = Free Download Manager 3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie7" = Windows Internet Explorer 7
"IncrediMail" = IncrediMail 2.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Maemo Flasher 3.5_is1" = Maemo Flasher 3.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mp3tag" = Mp3tag v2.46a
"MsgPlus! Plugin" = Messenger Plus! 3
"Nokia PC Suite" = Nokia PC Suite
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Power Saver" = TOSHIBA Power Saver
"PS3 Media Server" = PS3 Media Server
"Secunia PSI" = Secunia PSI
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2011 7:32:50 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 7/18/2011 7:40:05 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 7/18/2011 7:47:18 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 7/18/2011 7:54:34 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 7/18/2011 8:01:47 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 7/18/2011 8:09:00 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 7/18/2011 8:16:12 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 7/18/2011 8:23:25 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 7/18/2011 8:30:28 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 7/18/2011 8:37:32 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

[ OSession Events ]
Error - 1/25/2010 6:36:23 PM | Computer Name = GRANT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 62183
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/19/2011 9:07:22 PM | Computer Name = GRANT | Source = Service Control Manager | ID = 7034
Description = The Network Location Awareness (NLA) service terminated unexpectedly.
It has done this 3 time(s).

Error - 7/19/2011 9:11:06 PM | Computer Name = GRANT | Source = Service Control Manager | ID = 7023
Description = The HP CUE DeviceDiscovery Service service terminated with the following
error: %%126

Error - 7/20/2011 12:15:09 AM | Computer Name = GRANT | Source = Service Control Manager | ID = 7023
Description = The HP CUE DeviceDiscovery Service service terminated with the following
error: %%126

Error - 7/20/2011 12:19:03 AM | Computer Name = GRANT | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 7/20/2011 12:19:04 AM | Computer Name = GRANT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 7/20/2011 12:19:04 AM | Computer Name = GRANT | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 7/20/2011 2:27:20 AM | Computer Name = GRANT | Source = Service Control Manager | ID = 7023
Description = The HP CUE DeviceDiscovery Service service terminated with the following
error: %%126

Error - 7/20/2011 8:47:46 AM | Computer Name = GRANT | Source = Service Control Manager | ID = 7023
Description = The HP CUE DeviceDiscovery Service service terminated with the following
error: %%126

Error - 7/20/2011 8:53:20 AM | Computer Name = GRANT | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{2FAB0F7D-FFD9-4969-AD34-322C55628535}. The
backup browser is stopping.

Error - 7/20/2011 8:57:33 AM | Computer Name = GRANT | Source = Service Control Manager | ID = 7023
Description = The HP CUE DeviceDiscovery Service service terminated with the following
error: %%126


< End of report >


aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-07-20 23:13:46
-----------------------------
23:13:46.265 OS Version: Windows 5.1.2600 Service Pack 3
23:13:46.265 Number of processors: 1 586 0xD08
23:13:46.265 ComputerName: GRANT UserName:
23:13:54.390 Initialize success
23:20:21.421 AVAST engine defs: 11072000
23:24:08.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:24:08.625 Disk 0 Vendor: HTS541040G9SA00 MB2OC60D Size: 38154MB BusType: 3
23:24:08.625 Device \Driver\atapi -> DriverStartIo 8a77531b
23:24:10.625 Disk 0 MBR read successfully
23:24:10.625 Disk 0 MBR scan
23:24:10.718 Disk 0 TDL4@MBR code has been found
23:24:10.718 Disk 0 Windows XP default MBR code found via API
23:24:10.734 Disk 0 MBR hidden
23:24:10.734 Disk 0 MBR [TDL4] **ROOTKIT**
23:24:10.734 Disk 0 trace - called modules:
23:24:10.734 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a7754d0]<<
23:24:10.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7adab8]
23:24:10.750 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8a7d3240]
23:24:10.781 \Driver\atapi[0x8a7c1808] -> IRP_MJ_CREATE -> 0x8a7754d0
23:24:14.140 AVAST engine scan C:\
01:31:48.390 Scan finished successfully
07:55:21.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Flickels\My Documents\MBR.dat"
07:55:21.203 The log file has been saved successfully to "C:\Documents and Settings\Flickels\My Documents\aswMBR.txt"


Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
ZoneAlarm Extreme Security
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 26
Adobe Flash Player
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````

furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by Belahzur on Thu 21 Jul 2011, 10:45 pm

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Fri 22 Jul 2011, 9:40 am

Here you go.
It found a rootkit but I skipped the removal

2011/07/22 08:34:06.0937 5468 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/22 08:34:07.0812 5468 ================================================================================
2011/07/22 08:34:07.0812 5468 SystemInfo:
2011/07/22 08:34:07.0812 5468
2011/07/22 08:34:07.0812 5468 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/22 08:34:07.0812 5468 Product type: Workstation
2011/07/22 08:34:07.0812 5468 ComputerName: GRANT
2011/07/22 08:34:07.0812 5468 UserName: Flickels
2011/07/22 08:34:07.0812 5468 Windows directory: C:\WINDOWS
2011/07/22 08:34:07.0812 5468 System windows directory: C:\WINDOWS
2011/07/22 08:34:07.0812 5468 Processor architecture: Intel x86
2011/07/22 08:34:07.0812 5468 Number of processors: 1
2011/07/22 08:34:07.0812 5468 Page size: 0x1000
2011/07/22 08:34:07.0812 5468 Boot type: Normal boot
2011/07/22 08:34:07.0812 5468 ================================================================================
2011/07/22 08:34:23.0734 5468 Initialize success
2011/07/22 08:34:36.0562 1072 ================================================================================
2011/07/22 08:34:36.0562 1072 Scan started
2011/07/22 08:34:36.0562 1072 Mode: Manual;
2011/07/22 08:34:36.0562 1072 ================================================================================
2011/07/22 08:34:38.0484 1072 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/22 08:34:38.0562 1072 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/22 08:34:38.0671 1072 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/22 08:34:38.0781 1072 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/07/22 08:34:38.0875 1072 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/22 08:34:38.0984 1072 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/07/22 08:34:39.0328 1072 AR5211 (f0a8370d570428e83d78593e9dfb2e5a) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/07/22 08:34:39.0593 1072 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/22 08:34:39.0812 1072 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/22 08:34:39.0953 1072 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/22 08:34:40.0125 1072 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/22 08:34:40.0250 1072 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/22 08:34:40.0328 1072 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/22 08:34:40.0406 1072 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/22 08:34:40.0500 1072 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/22 08:34:40.0562 1072 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/22 08:34:40.0671 1072 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/22 08:34:40.0750 1072 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/22 08:34:40.0828 1072 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/22 08:34:41.0125 1072 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/22 08:34:41.0343 1072 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/22 08:34:41.0625 1072 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2011/07/22 08:34:41.0921 1072 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/22 08:34:42.0031 1072 DLABOIOM (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/07/22 08:34:42.0312 1072 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/07/22 08:34:42.0375 1072 DLADResN (3e34a0991efdaf8cfa97441c3a51fc81) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/07/22 08:34:42.0437 1072 DLAIFS_M (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/07/22 08:34:42.0500 1072 DLAOPIOM (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/07/22 08:34:42.0562 1072 DLAPoolM (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/07/22 08:34:42.0625 1072 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/07/22 08:34:42.0687 1072 DLAUDFAM (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/07/22 08:34:42.0750 1072 DLAUDF_M (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/07/22 08:34:42.0859 1072 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/22 08:34:43.0187 1072 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/22 08:34:43.0312 1072 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/22 08:34:43.0578 1072 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/22 08:34:43.0781 1072 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/22 08:34:43.0859 1072 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/07/22 08:34:43.0937 1072 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/07/22 08:34:44.0062 1072 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/22 08:34:44.0265 1072 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/22 08:34:44.0328 1072 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/22 08:34:44.0437 1072 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/22 08:34:44.0515 1072 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/22 08:34:44.0625 1072 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/07/22 08:34:44.0718 1072 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/22 08:34:44.0796 1072 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/22 08:34:44.0921 1072 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/22 08:34:45.0046 1072 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/22 08:34:45.0218 1072 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/22 08:34:45.0375 1072 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/22 08:34:45.0562 1072 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/22 08:34:45.0609 1072 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/22 08:34:45.0687 1072 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/22 08:34:45.0765 1072 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/22 08:34:46.0015 1072 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/22 08:34:46.0156 1072 icsak (66793a4cbe9b5aa07882e3f3622f4ffe) C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
2011/07/22 08:34:46.0328 1072 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/22 08:34:46.0687 1072 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/22 08:34:47.0125 1072 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/22 08:34:47.0203 1072 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/22 08:34:47.0312 1072 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/22 08:34:47.0390 1072 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/22 08:34:47.0468 1072 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/22 08:34:47.0562 1072 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/22 08:34:47.0640 1072 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/22 08:34:47.0734 1072 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/22 08:34:47.0875 1072 ISWKL (f0dec1fdc2e67aedd8cc00b48eee0d43) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/07/22 08:34:47.0984 1072 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/07/22 08:34:48.0125 1072 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/22 08:34:48.0187 1072 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/22 08:34:48.0281 1072 kl1 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\kl1.sys
2011/07/22 08:34:48.0390 1072 KLIF (a11c971434468fa05815eec8228d63fd) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/07/22 08:34:48.0484 1072 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/22 08:34:48.0593 1072 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/22 08:34:48.0703 1072 LBeepKE (ca63fe81705ad660e482bef210bf2c73) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/07/22 08:34:48.0921 1072 LHidFilt (b68309f25c5787385da842eb5b496958) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/07/22 08:34:49.0015 1072 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) C:\WINDOWS\system32\drivers\libusb0.sys
2011/07/22 08:34:49.0125 1072 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/07/22 08:34:49.0218 1072 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/22 08:34:49.0296 1072 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2011/07/22 08:34:49.0375 1072 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/22 08:34:49.0484 1072 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/22 08:34:49.0562 1072 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/07/22 08:34:49.0687 1072 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/22 08:34:49.0812 1072 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/22 08:34:49.0890 1072 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/22 08:34:50.0000 1072 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/22 08:34:50.0140 1072 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/22 08:34:50.0250 1072 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/22 08:34:50.0375 1072 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/22 08:34:50.0484 1072 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/22 08:34:50.0562 1072 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/22 08:34:50.0640 1072 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/22 08:34:50.0734 1072 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/22 08:34:50.0812 1072 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/22 08:34:50.0890 1072 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/22 08:34:50.0984 1072 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/22 08:34:51.0062 1072 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/22 08:34:51.0140 1072 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/22 08:34:51.0234 1072 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/22 08:34:51.0328 1072 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/22 08:34:51.0500 1072 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/22 08:34:51.0562 1072 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/22 08:34:51.0671 1072 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/22 08:34:51.0750 1072 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/07/22 08:34:51.0843 1072 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/22 08:34:51.0937 1072 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/07/22 08:34:52.0015 1072 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/07/22 08:34:52.0078 1072 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/22 08:34:52.0437 1072 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/22 08:34:52.0562 1072 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/22 08:34:52.0687 1072 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/22 08:34:52.0750 1072 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/22 08:34:52.0843 1072 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/22 08:34:52.0937 1072 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/22 08:34:53.0015 1072 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/22 08:34:53.0093 1072 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/22 08:34:53.0187 1072 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/07/22 08:34:53.0250 1072 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/22 08:34:53.0359 1072 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/22 08:34:53.0453 1072 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/07/22 08:34:53.0750 1072 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/07/22 08:34:53.0812 1072 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/22 08:34:53.0875 1072 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/22 08:34:54.0015 1072 PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/07/22 08:34:54.0109 1072 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/22 08:34:54.0187 1072 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/22 08:34:54.0421 1072 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/22 08:34:54.0515 1072 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/22 08:34:54.0609 1072 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/22 08:34:54.0687 1072 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/22 08:34:54.0765 1072 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/22 08:34:54.0828 1072 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/22 08:34:54.0921 1072 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/22 08:34:55.0015 1072 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/22 08:34:55.0140 1072 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/07/22 08:34:55.0250 1072 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/07/22 08:34:55.0390 1072 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/22 08:34:55.0453 1072 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/22 08:34:55.0640 1072 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/22 08:34:55.0750 1072 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/22 08:34:55.0890 1072 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/07/22 08:34:56.0000 1072 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/22 08:34:56.0140 1072 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/22 08:34:56.0250 1072 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/22 08:34:56.0453 1072 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/22 08:34:56.0578 1072 ssoftnt4 (4e64fac18de951413218a5bbe6831075) C:\WINDOWS\system32\Drivers\ssoftnt4.sys
2011/07/22 08:34:56.0750 1072 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/07/22 08:34:56.0828 1072 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/22 08:34:56.0937 1072 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/22 08:34:57.0000 1072 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/22 08:34:57.0265 1072 SynTP (cfb41bf11ae95c26133bae3ec2e334bd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/22 08:34:57.0375 1072 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/22 08:34:57.0515 1072 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/22 08:34:57.0609 1072 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/22 08:34:57.0734 1072 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/22 08:34:57.0812 1072 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/22 08:34:57.0968 1072 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2011/07/22 08:34:58.0031 1072 Tvs (12c836c7fe526d7b3239af82e4083be2) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/07/22 08:34:58.0125 1072 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/22 08:34:58.0250 1072 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/22 08:34:58.0453 1072 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/07/22 08:34:58.0609 1072 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/22 08:34:58.0671 1072 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/22 08:34:58.0765 1072 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/22 08:34:58.0859 1072 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/22 08:34:58.0968 1072 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/22 08:34:59.0031 1072 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/22 08:34:59.0109 1072 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/22 08:34:59.0187 1072 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/22 08:34:59.0265 1072 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/07/22 08:34:59.0406 1072 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/22 08:34:59.0546 1072 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/07/22 08:34:59.0625 1072 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/22 08:34:59.0718 1072 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/22 08:34:59.0828 1072 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys
2011/07/22 08:35:00.0015 1072 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/22 08:35:00.0140 1072 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/22 08:35:00.0421 1072 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/22 08:35:00.0640 1072 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/07/22 08:35:00.0765 1072 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/22 08:35:00.0875 1072 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/22 08:35:00.0984 1072 MBR (0x1B8) (2460cf20f76386c3747bee6cabcdbb99) \Device\Harddisk0\DR0
2011/07/22 08:35:01.0000 1072 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/22 08:35:01.0031 1072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
2011/07/22 08:35:01.0531 1072 Boot (0x1200) (cb4089a05a9a17083b07cc6c58af5a5f) \Device\Harddisk0\DR0\Partition0
2011/07/22 08:35:01.0562 1072 Boot (0x1200) (4ee1eef8c645c4675e1c2671a3b5fcf5) \Device\Harddisk1\DR3\Partition0
2011/07/22 08:35:01.0578 1072 Boot (0x1200) (d4b5cbcdced9625338764d2436769d2a) \Device\Harddisk1\DR3\Partition1
2011/07/22 08:35:01.0625 1072 Boot (0x1200) (ecf24dcd730d3b0ebd16665985ce2f29) \Device\Harddisk1\DR3\Partition2
2011/07/22 08:35:01.0625 1072 ================================================================================
2011/07/22 08:35:01.0625 1072 Scan finished
2011/07/22 08:35:01.0625 1072 ================================================================================
2011/07/22 08:35:01.0656 0416 Detected object count: 1
2011/07/22 08:35:01.0656 0416 Actual detected object count: 1
2011/07/22 08:38:31.0531 0416 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Skip

furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by Belahzur on Sun 24 Jul 2011, 7:34 am

Hello.
Did you choose to skip removing the TDL4 infection when TDSSKiller ran? please select it to heal it.

Run TDSSKiller again.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Sun 24 Jul 2011, 1:59 pm

I wasnt sure if TDSS returned false positive results, hence why I skipped.
I ran it again and it cleaned the TDL4 on reboot.
Have rescanned with TDSS and it found no infections

2011/07/24 12:54:12.0750 1816 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/24 12:54:13.0656 1816 ================================================================================
2011/07/24 12:54:13.0656 1816 SystemInfo:
2011/07/24 12:54:13.0671 1816
2011/07/24 12:54:13.0671 1816 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/24 12:54:13.0671 1816 Product type: Workstation
2011/07/24 12:54:13.0671 1816 ComputerName: GRANT
2011/07/24 12:54:13.0671 1816 UserName: Flickels
2011/07/24 12:54:13.0671 1816 Windows directory: C:\WINDOWS
2011/07/24 12:54:13.0671 1816 System windows directory: C:\WINDOWS
2011/07/24 12:54:13.0671 1816 Processor architecture: Intel x86
2011/07/24 12:54:13.0671 1816 Number of processors: 1
2011/07/24 12:54:13.0671 1816 Page size: 0x1000
2011/07/24 12:54:13.0671 1816 Boot type: Normal boot
2011/07/24 12:54:13.0671 1816 ================================================================================
2011/07/24 12:54:16.0265 1816 Initialize success
2011/07/24 12:54:49.0125 5464 ================================================================================
2011/07/24 12:54:49.0125 5464 Scan started
2011/07/24 12:54:49.0125 5464 Mode: Manual;
2011/07/24 12:54:49.0125 5464 ================================================================================
2011/07/24 12:54:50.0734 5464 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/24 12:54:50.0796 5464 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/24 12:54:50.0937 5464 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/24 12:54:51.0031 5464 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/07/24 12:54:51.0125 5464 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/24 12:54:51.0375 5464 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/07/24 12:54:52.0109 5464 AR5211 (f0a8370d570428e83d78593e9dfb2e5a) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/07/24 12:54:52.0218 5464 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/24 12:54:52.0437 5464 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/24 12:54:52.0515 5464 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/24 12:54:52.0906 5464 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/24 12:54:53.0031 5464 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/24 12:54:53.0140 5464 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/24 12:54:53.0203 5464 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/24 12:54:53.0312 5464 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/24 12:54:53.0390 5464 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/24 12:54:53.0515 5464 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/24 12:54:53.0640 5464 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/24 12:54:53.0812 5464 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/24 12:54:53.0984 5464 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/24 12:54:54.0078 5464 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/24 12:54:54.0250 5464 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2011/07/24 12:54:54.0406 5464 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/24 12:54:54.0515 5464 DLABOIOM (efae981c8ba3dad4103a76bcb5955b07) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/07/24 12:54:54.0578 5464 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/07/24 12:54:54.0640 5464 DLADResN (3e34a0991efdaf8cfa97441c3a51fc81) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/07/24 12:54:54.0703 5464 DLAIFS_M (2aef49904bde7398d0f09b6a603738ef) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/07/24 12:54:54.0750 5464 DLAOPIOM (46fa268a829384256179f4ccb6eb308f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/07/24 12:54:54.0812 5464 DLAPoolM (26e89839af248625a4e7c4cf5873375d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/07/24 12:54:54.0890 5464 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/07/24 12:54:54.0984 5464 DLAUDFAM (5e914bd7f68dde3fb4bffe005162c1e6) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/07/24 12:54:55.0062 5464 DLAUDF_M (8c3cfb22a7fb3be67e0c321fa10b8b50) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/07/24 12:54:55.0171 5464 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/24 12:54:55.0437 5464 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/24 12:54:55.0562 5464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/24 12:54:55.0640 5464 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/24 12:54:55.0750 5464 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/24 12:54:55.0828 5464 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/07/24 12:54:55.0921 5464 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/07/24 12:54:56.0062 5464 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/24 12:54:56.0156 5464 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/24 12:54:56.0250 5464 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/24 12:54:56.0312 5464 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/24 12:54:56.0390 5464 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/24 12:54:56.0515 5464 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/07/24 12:54:56.0718 5464 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/24 12:54:56.0812 5464 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/24 12:54:56.0890 5464 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/24 12:54:56.0984 5464 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/24 12:54:57.0093 5464 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/24 12:54:57.0171 5464 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/24 12:54:57.0375 5464 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/24 12:54:57.0437 5464 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/24 12:54:57.0500 5464 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/24 12:54:57.0593 5464 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/24 12:54:57.0953 5464 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/24 12:54:58.0125 5464 icsak (66793a4cbe9b5aa07882e3f3622f4ffe) C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
2011/07/24 12:54:58.0234 5464 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/24 12:54:58.0578 5464 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/24 12:54:58.0937 5464 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/24 12:54:59.0031 5464 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/24 12:54:59.0140 5464 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/24 12:54:59.0234 5464 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/24 12:54:59.0312 5464 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/24 12:54:59.0406 5464 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/24 12:54:59.0484 5464 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/24 12:54:59.0562 5464 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/24 12:54:59.0703 5464 ISWKL (f0dec1fdc2e67aedd8cc00b48eee0d43) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/07/24 12:54:59.0796 5464 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/07/24 12:54:59.0953 5464 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/24 12:55:00.0046 5464 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/24 12:55:00.0156 5464 kl1 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\kl1.sys
2011/07/24 12:55:00.0281 5464 KLIF (a11c971434468fa05815eec8228d63fd) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/07/24 12:55:00.0390 5464 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/24 12:55:00.0515 5464 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/24 12:55:00.0703 5464 LBeepKE (ca63fe81705ad660e482bef210bf2c73) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/07/24 12:55:00.0859 5464 LHidFilt (b68309f25c5787385da842eb5b496958) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/07/24 12:55:00.0953 5464 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) C:\WINDOWS\system32\drivers\libusb0.sys
2011/07/24 12:55:01.0046 5464 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/07/24 12:55:01.0156 5464 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/24 12:55:01.0250 5464 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2011/07/24 12:55:01.0328 5464 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/24 12:55:01.0437 5464 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/24 12:55:01.0515 5464 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/07/24 12:55:01.0593 5464 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/24 12:55:01.0734 5464 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/24 12:55:01.0859 5464 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/24 12:55:02.0000 5464 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/24 12:55:02.0125 5464 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/24 12:55:02.0234 5464 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/24 12:55:02.0359 5464 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/24 12:55:02.0468 5464 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/24 12:55:02.0546 5464 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/24 12:55:02.0640 5464 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/24 12:55:02.0703 5464 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/24 12:55:02.0781 5464 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/24 12:55:02.0859 5464 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/24 12:55:02.0984 5464 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/24 12:55:03.0046 5464 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/24 12:55:03.0140 5464 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/24 12:55:03.0218 5464 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/24 12:55:03.0343 5464 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/24 12:55:03.0468 5464 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/24 12:55:03.0578 5464 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/24 12:55:03.0671 5464 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/24 12:55:03.0750 5464 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/07/24 12:55:03.0859 5464 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/24 12:55:03.0984 5464 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/07/24 12:55:04.0046 5464 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/07/24 12:55:04.0109 5464 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/24 12:55:04.0281 5464 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/24 12:55:04.0468 5464 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/24 12:55:04.0562 5464 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/24 12:55:04.0609 5464 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/24 12:55:04.0687 5464 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/24 12:55:04.0812 5464 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/24 12:55:04.0875 5464 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/24 12:55:04.0968 5464 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/24 12:55:05.0078 5464 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/07/24 12:55:05.0156 5464 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/24 12:55:05.0250 5464 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/24 12:55:05.0328 5464 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/07/24 12:55:05.0687 5464 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/07/24 12:55:05.0781 5464 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/24 12:55:05.0859 5464 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/24 12:55:05.0953 5464 PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/07/24 12:55:06.0156 5464 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/24 12:55:06.0234 5464 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/24 12:55:06.0515 5464 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/24 12:55:06.0593 5464 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/24 12:55:06.0656 5464 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/24 12:55:06.0734 5464 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/24 12:55:06.0796 5464 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/24 12:55:06.0859 5464 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/24 12:55:06.0953 5464 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/24 12:55:07.0046 5464 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/24 12:55:07.0187 5464 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/07/24 12:55:07.0281 5464 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/07/24 12:55:07.0453 5464 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/24 12:55:07.0484 5464 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/24 12:55:07.0734 5464 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/24 12:55:07.0859 5464 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/24 12:55:07.0984 5464 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/07/24 12:55:08.0109 5464 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/24 12:55:08.0265 5464 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/24 12:55:08.0343 5464 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/24 12:55:08.0578 5464 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/24 12:55:08.0718 5464 ssoftnt4 (4e64fac18de951413218a5bbe6831075) C:\WINDOWS\system32\Drivers\ssoftnt4.sys
2011/07/24 12:55:08.0875 5464 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/07/24 12:55:09.0000 5464 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/24 12:55:09.0140 5464 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/24 12:55:09.0218 5464 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/24 12:55:09.0484 5464 SynTP (cfb41bf11ae95c26133bae3ec2e334bd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/24 12:55:09.0562 5464 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/24 12:55:09.0703 5464 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/24 12:55:09.0812 5464 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/24 12:55:09.0890 5464 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/24 12:55:10.0109 5464 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/24 12:55:10.0328 5464 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2011/07/24 12:55:10.0390 5464 Tvs (12c836c7fe526d7b3239af82e4083be2) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/07/24 12:55:10.0468 5464 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/24 12:55:10.0609 5464 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/24 12:55:10.0765 5464 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/07/24 12:55:10.0921 5464 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/24 12:55:11.0062 5464 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/24 12:55:11.0171 5464 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/24 12:55:11.0250 5464 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/24 12:55:11.0359 5464 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/24 12:55:11.0421 5464 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/24 12:55:11.0515 5464 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/24 12:55:11.0593 5464 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/24 12:55:11.0687 5464 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/07/24 12:55:11.0781 5464 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/24 12:55:11.0937 5464 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/07/24 12:55:12.0031 5464 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/24 12:55:12.0171 5464 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/24 12:55:12.0296 5464 vsdatant (7f10c6c385a03f40b07d682bfaa07e2f) C:\WINDOWS\system32\vsdatant.sys
2011/07/24 12:55:12.0484 5464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/24 12:55:12.0703 5464 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/24 12:55:12.0859 5464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/24 12:55:13.0062 5464 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/07/24 12:55:13.0187 5464 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/24 12:55:13.0296 5464 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/24 12:55:13.0437 5464 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
2011/07/24 12:55:13.0718 5464 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
2011/07/24 12:55:14.0203 5464 Boot (0x1200) (cb4089a05a9a17083b07cc6c58af5a5f) \Device\Harddisk0\DR0\Partition0
2011/07/24 12:55:14.0218 5464 Boot (0x1200) (4ee1eef8c645c4675e1c2671a3b5fcf5) \Device\Harddisk1\DR3\Partition0
2011/07/24 12:55:14.0250 5464 Boot (0x1200) (d4b5cbcdced9625338764d2436769d2a) \Device\Harddisk1\DR3\Partition1
2011/07/24 12:55:14.0312 5464 Boot (0x1200) (ecf24dcd730d3b0ebd16665985ce2f29) \Device\Harddisk1\DR3\Partition2
2011/07/24 12:55:14.0328 5464 ================================================================================
2011/07/24 12:55:14.0328 5464 Scan finished
2011/07/24 12:55:14.0328 5464 ================================================================================
2011/07/24 12:55:14.0343 1224 Detected object count: 0
2011/07/24 12:55:14.0343 1224 Actual detected object count: 0

Is there anything else we need to do to make sure there is nothing else hiding anywhere or is that sorted it all?

furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by Belahzur on Wed 27 Jul 2011, 12:23 pm

Re-Run aswMBR


  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note:After the 'Infection fixed successfully' message appears, the machine may became unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.

  • Save the log as before and post in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Thu 28 Jul 2011, 5:58 pm

aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-07-20 23:13:46
-----------------------------
23:13:46.265 OS Version: Windows 5.1.2600 Service Pack 3
23:13:46.265 Number of processors: 1 586 0xD08
23:13:46.265 ComputerName: GRANT UserName:
23:13:54.390 Initialize success
23:20:21.421 AVAST engine defs: 11072000
23:24:08.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:24:08.625 Disk 0 Vendor: HTS541040G9SA00 MB2OC60D Size: 38154MB BusType: 3
23:24:08.625 Device \Driver\atapi -> DriverStartIo 8a77531b
23:24:10.625 Disk 0 MBR read successfully
23:24:10.625 Disk 0 MBR scan
23:24:10.718 Disk 0 TDL4@MBR code has been found
23:24:10.718 Disk 0 Windows XP default MBR code found via API
23:24:10.734 Disk 0 MBR hidden
23:24:10.734 Disk 0 MBR [TDL4] **ROOTKIT**
23:24:10.734 Disk 0 trace - called modules:
23:24:10.734 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a7754d0]<<
23:24:10.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7adab8]
23:24:10.750 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x8a7d3240]
23:24:10.781 \Driver\atapi[0x8a7c1808] -> IRP_MJ_CREATE -> 0x8a7754d0
23:24:14.140 AVAST engine scan C:\
01:31:48.390 Scan finished successfully
07:55:21.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Flickels\My Documents\MBR.dat"
07:55:21.203 The log file has been saved successfully to "C:\Documents and Settings\Flickels\My Documents\aswMBR.txt"

It didnt find anything to be able to use the Fix button, but it did say it found a TDL4 Rootkit infection. Am I fixing the MBR?

furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by Sneakyone on Sat 30 Jul 2011, 5:30 pm

Hi,

You have to click the Fix MBR button.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Wed 03 Aug 2011, 11:25 am

Done

aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-08-03 09:01:06
-----------------------------
09:01:06.115 OS Version: Windows 5.1.2600 Service Pack 3
09:01:06.115 Number of processors: 1 586 0xD08
09:01:06.115 ComputerName: GRANT UserName:
09:01:07.224 Initialize success
09:07:45.396 AVAST engine defs: 11080201
09:42:22.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:42:22.662 Disk 0 Vendor: HTS541040G9SA00 MB2OC60D Size: 38154MB BusType: 3
09:42:22.693 Disk 0 MBR read successfully
09:42:22.693 Disk 0 MBR scan
09:42:23.318 Disk 0 Windows XP default MBR code
09:42:23.334 Disk 0 scanning sectors +78140160
09:42:24.052 Disk 0 scanning C:\WINDOWS\system32\drivers
09:42:54.865 Service scanning
09:42:56.552 Disk 0 trace - called modules:
09:42:56.568 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
09:42:56.568 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a792ab8]
09:42:56.568 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7b9d98]
09:42:57.068 AVAST engine scan C:\WINDOWS
09:43:10.005 AVAST engine scan C:\WINDOWS\system32
09:47:00.990 AVAST engine scan C:\WINDOWS\system32\drivers
09:47:31.021 AVAST engine scan C:\Documents and Settings\Flickels
09:59:42.521 AVAST engine scan C:\Documents and Settings\All Users
10:04:28.505 Scan finished successfully
10:20:42.849 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Flickels\My Documents\Downloads\MBR.dat"
10:20:42.927 The log file has been saved successfully to "C:\Documents and Settings\Flickels\My Documents\Downloads\aswMBR.txt"
10:24:09.755 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Flickels\My Documents\Downloads\MBR.dat"
10:24:09.771 The log file has been saved successfully to "C:\Documents and Settings\Flickels\My Documents\Downloads\aswMBR.txt"


furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by Sneakyone on Wed 03 Aug 2011, 4:00 pm

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Thu 04 Aug 2011, 11:45 am

I have tried to run this program twice, the first time it installed the recovery console program then after that I have left it run, but then the scan window opens, says it is scanning but then it just sits there and freezes the computer.
I cant open task manager, I cant close the program, the only way I can crash the program is a hard reset.

furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by Sneakyone on Thu 04 Aug 2011, 4:44 pm

Hi,

Could you please run it in Safe Mode?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Fri 05 Aug 2011, 12:40 pm

tried in safe mode logged in as administrator
same result
ran scan, left it overnight, came back this morning and still sitting there saying "this scan usually takes 10 minutes, although major infections may easily double this time"......
never shows that the scan is progressing or finished

furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by Sneakyone on Fri 05 Aug 2011, 5:09 pm

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Sat 06 Aug 2011, 9:56 pm

MBAM scanned - nothing found.
Still havent been able to get Combofix to work however

furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by Sneakyone on Sun 07 Aug 2011, 5:17 pm

Hi,

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Mon 08 Aug 2011, 1:13 am

aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-08-07 17:21:04
-----------------------------
17:21:04.796 OS Version: Windows 5.1.2600 Service Pack 3
17:21:04.796 Number of processors: 1 586 0xD08
17:21:04.796 ComputerName: GRANT UserName:
17:21:10.937 Initialize success
17:48:05.968 AVAST engine defs: 11080601
22:03:50.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:03:50.437 Disk 0 Vendor: HTS541040G9SA00 MB2OC60D Size: 38154MB BusType: 3
22:03:50.468 Disk 0 MBR read successfully
22:03:50.468 Disk 0 MBR scan
22:03:51.250 Disk 0 Windows XP default MBR code
22:03:51.250 Disk 0 scanning sectors +78140160
22:03:52.031 Disk 0 scanning C:\WINDOWS\system32\drivers
22:04:37.500 Service scanning
22:04:39.328 Disk 0 trace - called modules:
22:04:39.359 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:04:39.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7f2968]
22:04:39.359 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a807b00]
22:04:40.062 AVAST engine scan C:\WINDOWS
22:05:00.734 AVAST engine scan C:\WINDOWS\system32
22:09:24.265 AVAST engine scan C:\WINDOWS\system32\drivers
22:09:55.968 AVAST engine scan C:\Documents and Settings\Flickels
22:21:26.265 AVAST engine scan C:\Documents and Settings\All Users
22:25:22.984 Scan finished successfully
00:00:44.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Flickels\My Documents\Downloads\MBR.dat"
00:00:44.953 The log file has been saved successfully to "C:\Documents and Settings\Flickels\My Documents\Downloads\aswMBR.txt"


furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Mon 08 Aug 2011, 1:15 am

We cleaned a TDL4 rootkit on the first page.......
at least there are no reinfections

furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by Sneakyone on Mon 08 Aug 2011, 3:13 pm

Hi,

Could you please re-run OTL?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Mon 08 Aug 2011, 4:42 pm

OTL logfile created on: 8/8/2011 3:20:30 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Flickels\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.29% Memory free
2.70 Gb Paging File | 1.24 Gb Available in Paging File | 45.84% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.01 Gb Total Space | 0.39 Gb Free Space | 1.05% Space Free |
OTL Report
Partition Type: NTFS
Drive F: | 73.24 Gb Total Space | 5.78 Gb Free Space | 7.90% Space Free | Partition Type: NTFS
Drive G: | 40.00 Gb Total Space | 26.20 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive H: | 73.06 Gb Total Space | 3.50 Gb Free Space | 4.80% Space Free | Partition Type: NTFS

Computer Name: GRANT | User Name: Flickels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/04 12:00:00 | 000,366,024 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2011/08/04 12:00:00 | 000,263,624 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2011/07/20 23:09:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Flickels\My Documents\Downloads\OTL.com
PRC - [2011/06/11 02:26:00 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/03/22 04:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/29 02:54:52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/08/29 02:53:14 | 001,039,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/08/27 19:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/08/27 19:34:00 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/07/29 01:09:50 | 000,190,024 | ---- | M] (Patchou) -- C:\Program Files\MessengerPlus! 3\MsgPlus.exe
PRC - [2008/08/14 10:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/26 07:07:16 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2005/11/11 04:24:50 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/08/11 04:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/08/06 04:18:38 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/08/01 23:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/16 04:52:42 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/07/08 00:13:14 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/06/01 15:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/06/01 14:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/27 10:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 18:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/26 09:23:10 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2004/10/14 17:28:02 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/05/21 00:30:02 | 000,074,240 | ---- | M] (Cypherix) -- C:\WINDOWS\system32\ssoftsrv.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 23:09:05 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Flickels\My Documents\Downloads\OTL.com
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2011/05/14 01:12:34 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
MOD - [2010/08/27 19:34:08 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2010/08/27 19:33:58 | 000,562,664 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll
MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/29 01:09:53 | 000,058,952 | ---- | M] (Patchou) -- C:\Program Files\MessengerPlus! 3\MsgPlusLoader.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Auto | Stopped] -- -- (hpqddsvc)
SRV - File not found [On_Demand | Stopped] -- -- (hpqcxs08)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/08/29 02:54:52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/08/27 19:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2005/08/11 04:15:50 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/08 00:13:14 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/05/21 00:30:02 | 000,074,240 | ---- | M] (Cypherix) [Auto | Running] -- C:\WINDOWS\System32\ssoftsrv.exe -- (ssoftservice)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Stop_Pending] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/08/27 19:33:54 | 000,035,568 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2010/08/27 19:33:54 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/07/30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/06/09 19:16:12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/18 19:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 19:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 19:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/21 12:04:22 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/10/12 18:15:30 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/12 18:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 22:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2005/11/16 10:40:24 | 000,043,264 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/15 11:00:22 | 001,122,656 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/10 18:44:12 | 004,064,256 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/10/21 08:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/12 19:08:30 | 000,468,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/08/04 07:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/01 23:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/08/01 23:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/08/01 23:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/08/01 23:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/08/01 23:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/08/01 23:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/08/01 23:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/07/08 03:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/08 03:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/08/04 08:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/05/21 00:30:02 | 000,114,944 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ssoftnt4.sys -- (ssoftnt4)
DRV - [2003/09/19 19:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/06/26 14:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

[2011/02/18 09:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/14 20:00:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 09:48:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 17:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/26 12:46:29 | 000,436,434 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 192.168.2.2 HP001CC4496485
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15051 more lines...
O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Flickels\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Flickels\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Flickels\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/22 23:28:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/22 20:56:58 | 000,000,055 | ---- | M] () - C:\AUTOEXEC.SOL -- [ NTFS ]
O32 - AutoRun File - [2007/08/06 09:03:36 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4b475954-38df-11dd-b4ee-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{4b475954-38df-11dd-b4ee-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b475954-38df-11dd-b4ee-0016e30e88c5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4b475955-38df-11dd-b4ee-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{4b475955-38df-11dd-b4ee-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b475955-38df-11dd-b4ee-0016e30e88c5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5523884d-36e8-11dd-b4e8-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{5523884d-36e8-11dd-b4e8-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5523884d-36e8-11dd-b4e8-0016e30e88c5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{71220a29-d865-11dc-b48f-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{71220a29-d865-11dc-b48f-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71220a29-d865-11dc-b48f-0016e30e88c5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe
O33 - MountPoints2\{8b829280-3557-11dd-b4e4-0016e30e88c5}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe
O33 - MountPoints2\{c49a3e12-3609-11dd-b4e6-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{c49a3e12-3609-11dd-b4e6-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c49a3e12-3609-11dd-b4e6-0016e30e88c5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f2d59f91-a7ad-11dd-b541-0016e30e88c5}\Shell - "" = AutoRun
O33 - MountPoints2\{f2d59f91-a7ad-11dd-b541-0016e30e88c5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f2d59f91-a7ad-11dd-b541-0016e30e88c5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - File not found
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - File not found
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {55ADC5F7-A848-4AE4-B8C2-E94FFCCB0DF7} -
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8B05E374-DEBD-BDE2-51B5-6862D76161CB} - Internet Explorer Version Update
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 00:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\PMS
[2011/08/06 10:50:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Flickels\Recent
[2011/08/04 21:40:05 | 000,000,000 | --SD | C] -- C:\commy
[2011/08/03 15:33:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/03 15:27:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/03 15:27:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/03 15:27:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/03 15:27:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/03 15:26:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/03 15:26:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/03 15:23:56 | 004,161,545 | R--- | C] (Swearware) -- C:\Documents and Settings\Flickels\Desktop\commy.exe
[2011/08/03 11:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/03 10:58:58 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/29 11:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/29 10:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/29 09:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/25 12:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flickels\Application Data\#ISW.FS#
[2011/07/25 11:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2011/07/25 11:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/07/22 07:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2011/07/15 18:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/07/13 06:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flickels\Application Data\Obsu
[2011/07/13 06:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Flickels\Application Data\Gutar
[2011/07/12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2005/11/29 08:01:22 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/08 15:19:02 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3104764887-2994076566-3931121267-1006UA.job
[2011/08/08 11:08:20 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/08/08 03:00:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Defrag.job
[2011/08/08 00:53:10 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Flickels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/07 19:19:02 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3104764887-2994076566-3931121267-1006Core.job
[2011/08/07 00:50:03 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PS3 Media Server.lnk
[2011/08/05 10:57:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/05 10:51:18 | 000,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2011/08/05 10:46:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/05 10:46:54 | 2011,418,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/04 12:01:21 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
[2011/08/04 12:01:21 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\Flickels\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
[2011/08/03 15:34:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/03 15:24:21 | 004,161,545 | R--- | M] (Swearware) -- C:\Documents and Settings\Flickels\Desktop\commy.exe
[2011/08/03 11:11:54 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/08/03 10:58:58 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/03 10:48:16 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/03 07:25:56 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Flickels\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/03 07:25:53 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\Flickels\Desktop\Google Chrome.lnk
[2011/08/02 14:55:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/29 11:02:51 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/25 11:59:48 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/07/25 11:56:58 | 000,019,690 | ---- | M] () -- C:\Documents and Settings\Flickels\My Documents\cc__regbackup_20110725_115634.reg
[2011/07/24 12:38:11 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/20 21:59:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/20 08:41:23 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/07/17 22:40:50 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/07/12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/05 10:46:53 | 2011,418,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/03 15:34:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/03 15:34:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/03 15:27:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/03 15:27:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/03 15:27:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/03 15:27:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/03 15:27:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/03 11:11:54 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/29 11:02:51 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/29 09:15:39 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/29 09:15:32 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/25 11:59:47 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/07/25 11:56:53 | 000,019,690 | ---- | C] () -- C:\Documents and Settings\Flickels\My Documents\cc__regbackup_20110725_115634.reg
[2011/06/26 14:03:16 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/06/26 14:03:16 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/06/26 14:03:16 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2011/06/25 10:39:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/28 10:49:00 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/28 10:48:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/02/28 10:48:44 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/28 10:48:44 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/28 10:48:42 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/06 10:54:08 | 000,003,623 | ---- | C] () -- C:\WINDOWS\System32\RDDlg.dat
[2010/12/27 00:37:01 | 000,180,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/27 00:36:59 | 000,295,742 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3104764887-2994076566-3931121267-1006-0.dat
[2010/12/27 00:36:58 | 000,295,742 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/11 22:36:07 | 000,022,152 | ---- | C] () -- C:\WINDOWS\System32\driver-flasher-3.5.exe
[2010/04/14 10:12:42 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 15:21:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/18 19:14:16 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2010/01/18 17:12:14 | 000,176,335 | ---- | C] () -- C:\WINDOWS\hpoins35.dat
[2010/01/18 17:12:14 | 000,001,062 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat
[2009/11/26 15:29:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COMPANIONAPP.INI
[2009/11/26 15:15:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Flickels\Application Data\$_hpcst$.hpc
[2009/09/27 03:24:26 | 000,063,608 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/27 20:10:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/07/27 20:09:30 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/12/31 16:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/31 16:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008/09/17 07:32:00 | 000,000,807 | ---- | C] () -- C:\WINDOWS\System32\content.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/27 04:47:58 | 000,001,781 | ---- | C] () -- C:\WINDOWS\1234.exe
[2008/04/26 02:10:04 | 000,001,781 | ---- | C] () -- C:\WINDOWS\commands.exe
[2008/02/15 02:10:12 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/28 03:23:19 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Flickels\Local Settings\Application Data\fusioncache.dat
[2007/09/28 02:28:07 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/09/28 02:26:20 | 000,000,734 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/19 13:25:27 | 000,000,090 | ---- | C] () -- C:\WINDOWS\pccillin.ini
[2007/05/29 12:44:18 | 000,921,088 | ---- | C] () -- C:\WINDOWS\MobileLock.exe
[2007/01/01 17:02:47 | 000,032,305 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2006/07/15 22:48:11 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/06 08:18:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/06 08:16:41 | 000,002,951 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/06/18 17:58:57 | 000,110,080 | ---- | C] () -- C:\Documents and Settings\Flickels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/17 13:03:08 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\CEE6BE99A1.sys
[2006/06/16 00:29:02 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/05/25 08:47:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/05/04 12:39:13 | 000,001,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/16 10:14:13 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2006/04/16 10:14:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2006/04/16 10:14:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2006/04/16 10:13:47 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2006/04/16 10:13:47 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2005/11/29 08:10:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/29 08:01:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/11/25 04:53:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/11/25 04:50:44 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2005/11/25 04:50:44 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/11/25 04:50:03 | 000,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/25 04:48:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/25 04:48:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/25 04:48:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/25 04:48:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/25 04:48:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/25 04:48:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/24 15:19:28 | 000,000,140 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005/11/24 15:19:23 | 000,000,140 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005/11/24 15:19:20 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/24 15:19:20 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/24 15:18:38 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/11/24 15:18:38 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/11/24 15:18:37 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/11/24 15:18:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/11/24 14:16:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/24 13:29:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/24 13:27:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/24 13:23:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/24 12:11:45 | 000,001,153 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/24 12:11:32 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/11/24 12:11:31 | 000,506,640 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/11/24 12:11:31 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/11/24 12:11:31 | 000,088,514 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/11/24 12:11:31 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/11/24 12:11:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/11/24 12:11:30 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/11/24 12:11:30 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/24 12:11:27 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/11/24 12:11:27 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/11/24 12:11:24 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/11/24 12:11:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/11/24 05:19:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/24 05:18:16 | 000,277,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/11 16:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/11 00:59:16 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/05/21 00:30:02 | 000,114,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\ssoftnt4.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/08/10 16:09:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\rmvpeye.exe
[2000/07/28 20:48:12 | 000,102,400 | ---- | C] () -- C:\WINDOWS\japi.dll


furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Mon 08 Aug 2011, 4:42 pm

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/08/03 15:24:21 | 004,161,545 | R--- | M] (Swearware) -- C:\Documents and Settings\Flickels\Desktop\commy.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/06/21 09:41:10 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/07/29 09:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/09/03 00:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2006/04/16 10:14:02 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2009/07/27 19:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/04/25 17:42:22 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/09/05 00:14:55 | 000,000,000 | ---D | M] -- C:\Program Files\AudioShell
[2011/07/29 10:51:09 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/08/03 10:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/12/12 11:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2011/08/03 11:11:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/11/24 13:23:45 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/07/30 20:36:22 | 000,000,000 | ---D | M] -- C:\Program Files\CPUID
[2011/07/25 11:59:55 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2010/12/25 09:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2011/07/01 11:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2005/11/25 04:48:45 | 000,000,000 | ---D | M] -- C:\Program Files\DVD-RAM
[2011/07/01 11:07:44 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2010/03/17 01:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2011/02/28 10:27:20 | 000,000,000 | ---D | M] -- C:\Program Files\Free Download Manager
[2011/06/05 13:22:32 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2010/12/25 09:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin GPS Plugin
[2010/01/18 18:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/09/30 17:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/08/04 12:02:52 | 000,000,000 | ---D | M] -- C:\Program Files\IncrediMail
[2011/02/18 09:21:02 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/06/16 01:39:11 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/11/25 04:50:27 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2011/07/29 11:00:14 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/07/29 11:02:47 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/06/18 10:15:57 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/02/28 10:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2010/04/25 17:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\Kreatives.org
[2010/05/18 22:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\Lame for Audacity
[2005/11/24 15:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2010/11/11 22:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\maemo
[2011/07/18 02:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/30 22:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/09/07 17:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2009/07/29 01:10:09 | 000,000,000 | ---D | M] -- C:\Program Files\MessengerPlus! 3
[2009/07/28 11:08:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/09/29 02:29:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/08/03 03:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/11/24 13:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/08/03 14:48:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/11 16:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/06/16 08:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/28 11:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/07/28 11:06:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2006/05/01 20:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/07/30 20:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/12/25 09:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 03:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/02/18 09:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/21 15:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mp3tag
[2009/07/28 11:44:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/30 18:01:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/11/24 13:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/11/24 13:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/10/15 03:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/10/25 02:30:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/10/07 16:42:53 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2008/09/30 22:15:26 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/05/11 23:29:22 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2006/07/13 22:13:29 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/17 02:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/05/11 23:28:31 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2010/09/07 15:46:02 | 000,000,000 | ---D | M] -- C:\Program Files\PC User Audio Toolkit
[2011/06/15 20:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Notifier and Animation Creator
[2011/08/07 00:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\PS3 Media Server
[2010/12/26 23:46:31 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/11/24 15:17:46 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/07/28 11:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/17 20:10:24 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
[2008/01/09 19:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
[2011/08/03 11:11:53 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2006/10/03 12:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 7
[2005/11/25 04:50:10 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2011/06/26 12:43:33 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2006/10/22 23:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\SRN Micro
[2011/06/25 11:04:51 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2005/11/24 15:17:36 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2006/04/16 10:15:32 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2005/11/24 13:28:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/03/28 17:47:23 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009/07/28 13:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/07/30 18:02:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Installer Clean Up
[2011/06/15 20:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2008/06/09 21:52:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2009/07/28 11:03:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/07/28 11:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2009/07/28 01:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/07/28 01:05:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/07/13 22:13:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/11/24 13:24:33 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2011/08/03 11:06:00 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2005/11/24 13:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/01/06 23:05:55 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/07/28 16:17:22 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs


< MD5 for: AGP440.SYS >
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 04:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 04:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 22:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/09/30 22:03:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2008/04/14 04:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 04:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/14 04:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 10:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-03 04:48:54

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/27 18:03:22 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/27 18:03:22 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/27 18:03:22 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/27 18:03:22 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/27 18:03:22 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/21 20:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/27 18:03:22 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/27 18:03:22 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/27 18:03:22 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/27 18:03:22 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Flickels\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/07/27 18:03:22 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 22:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/21 20:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D

< End of report >

Extras Log


OTL Extras logfile created on: 8/8/2011 3:20:30 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Flickels\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.29% Memory free
2.70 Gb Paging File | 1.24 Gb Available in Paging File | 45.84% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.01 Gb Total Space | 0.39 Gb Free Space | 1.05% Space Free | Partition Type: NTFS
Drive F: | 73.24 Gb Total Space | 5.78 Gb Free Space | 7.90% Space Free | Partition Type: NTFS
Drive G: | 40.00 Gb Total Space | 26.20 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive H: | 73.06 Gb Total Space | 3.50 Gb Free Space | 4.80% Space Free | Partition Type: NTFS

Computer Name: GRANT | User Name: Flickels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" %*
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Flickels\Local Settings\Temp\7zS1BC7\setup\hpznui01.exe" = C:\Documents and Settings\Flickels\Local Settings\Temp\7zS1BC7\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Flickels\Local Settings\Temp\7zS40E7\setup\hpznui01.exe" = C:\Documents and Settings\Flickels\Local Settings\Temp\7zS40E7\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\{71C4F928-136A-4222-A191-310E081FB96B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{71C4F928-136A-4222-A191-310E081FB96B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Flickels\Desktop\Music\paint shop pro Keygen.exe" = C:\Documents and Settings\Flickels\Desktop\Music\paint shop pro Keygen.exe:*:Enabled:paint shop pro Keygen
"C:\WINDOWS\system32\winctl32.exe" = C:\WINDOWS\system32\winctl32.exe:*:Enabled:winctl32
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\SRN Micro\SOLOCFG.EXE" = C:\Program Files\SRN Micro\SOLOCFG.EXE:*:Enabled:Solo Scheduler
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater
"D:\setup\HPZnet01.exe" = D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
"C:\WINDOWS\system32\bot.exe" = C:\WINDOWS\system32\bot.exe:*:Enabled:bot
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner
"C:0\Program Files\IncrediMail\bin\ImApp.exe" = C:0\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
"C:0\Program Files\IncrediMail\bin\IncMail.exe" = C:0\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Flickels\Local Settings\Temp\7zS1BC7\setup\hpznui01.exe" = C:\Documents and Settings\Flickels\Local Settings\Temp\7zS1BC7\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Documents and Settings\Flickels\Local Settings\Temp\7zS40E7\setup\hpznui01.exe" = C:\Documents and Settings\Flickels\Local Settings\Temp\7zS40E7\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\{71C4F928-136A-4222-A191-310E081FB96B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{71C4F928-136A-4222-A191-310E081FB96B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C4F928-136A-4222-A191-310E081FB96B}" = HP Photosmart C309a All-In-One Driver 14.0 Rel. 5
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F0154-4AAA-4719-BFAE-01C3066B8408}" = C309a
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BBF08789-06CB-4D2F-9330-CD617AFDE528}" = Fax
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ashampoo Music Studio 2009_is1" = Ashampoo Music Studio 2009
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.4
"AudioShell_is1" = AudioShell 1.3.5
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.1
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"FileZilla Client" = FileZilla Client 3.3.2
"Free Audio Converter_is1" = Free Audio Converter version 2.2.19.602
"Free Download Manager_is1" = Free Download Manager 3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie7" = Windows Internet Explorer 7
"IncrediMail" = IncrediMail 2.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Maemo Flasher 3.5_is1" = Maemo Flasher 3.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mp3tag" = Mp3tag v2.46a
"MsgPlus! Plugin" = Messenger Plus! 3
"Nokia PC Suite" = Nokia PC Suite
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Power Saver" = TOSHIBA Power Saver
"PS3 Media Server" = PS3 Media Server
"Secunia PSI" = Secunia PSI
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/8/2011 1:15:03 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3013
Description = The entry STORE\_#IM_TEMPORARY_#IM_.IMM> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 8/8/2011 1:15:03 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3013
Description = The entry STORE\CONTAINERS.DB-JOURNAL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 8/8/2011 1:15:03 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3013
Description = The entry STORE\INDEXH\IMIT.DAT-JOURNAL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 8/8/2011 1:15:03 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3013
Description = The entry STORE\CONTAINERS.DB-JOURNAL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 8/8/2011 1:15:03 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3013
Description = The entry STORE\_#IM_TEMPORARY_#IM_.IMM> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 8/8/2011 1:15:03 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3013
Description = The entry STORE\CONTAINERS.DB-JOURNAL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 8/8/2011 1:19:49 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 8/8/2011 1:23:52 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 8/8/2011 1:32:23 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

Error - 8/8/2011 1:35:26 AM | Computer Name = GRANT | Source = Windows Search Service | ID = 3083
Description = The protocol handler MDatastorePH.MDatastoreProtocol.1 cannot be loaded.
Error description: Class not registered .

[ OSession Events ]
Error - 1/25/2010 6:36:23 PM | Computer Name = GRANT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 62183
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/4/2011 5:49:28 AM | Computer Name = GRANT | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 8/4/2011 5:49:28 AM | Computer Name = GRANT | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 8/4/2011 5:49:28 AM | Computer Name = GRANT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec kl1 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip vsdatant

Error - 8/4/2011 7:25:02 AM | Computer Name = GRANT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/4/2011 7:25:24 AM | Computer Name = GRANT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/4/2011 7:26:24 AM | Computer Name = GRANT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/4/2011 7:38:33 AM | Computer Name = GRANT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/4/2011 8:48:18 PM | Computer Name = GRANT | Source = Service Control Manager | ID = 7023
Description = The HP CUE DeviceDiscovery Service service terminated with the following
error: %%126

Error - 8/4/2011 8:48:18 PM | Computer Name = GRANT | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 8/6/2011 6:39:08 AM | Computer Name = GRANT | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126


< End of report >

furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by Sneakyone on Tue 09 Aug 2011, 4:24 pm

Hi,

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Hidden malware - Please help

Post by furns on Sat 13 Aug 2011, 4:03 pm


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.40GHz )
BIOS : BIOS Version 1.50
USER : Flickels ( Administrator )
BOOT : Normal boot
Antivirus : ZoneAlarm Extreme Security Antivirus 9.3.037.000 (Not Activated)
Firewall : ZoneAlarm Extreme Security Firewall 9.3.037.000 (Not Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:0 Go)
D:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:73 Go (Free:5 Go)
G:\ (Local Disk) - NTFS - Total:40 Go (Free:26 Go)
H:\ (Local Disk) - NTFS - Total:73 Go (Free:3 Go)
Z:\ (Network Disk)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sat 08/13/2011|14:53 )

--------------------\\ Listing folders in APPLIC~1


[03/20/2009|09:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[04/08/2010|01:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ {429CAD59-35B1-4DBC-BB6D-1DB246563521}
[09/11/2009|09:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ {755AC846-7372-4AC8-8550-C52491DAA8BD}
[07/28/2009|04:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[02/28/2009|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ 16222
[01/14/2009|05:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ 1E50
[12/13/2008|03:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ 2138A
[12/21/2008|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ 23D
[04/04/2009|05:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ 29C
[01/17/2009|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ 2C37A
[01/18/2009|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ 2E242
[12/30/2008|07:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ 2F109
[03/28/2009|08:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ 395D
[01/17/2009|05:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ 3B29F
[12/06/2008|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ 626B
[06/21/2011|09:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Adobe
[08/01/2009|06:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Apple
[12/03/2008|04:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Apple Computer
[09/03/2010|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ ashampoo
[09/03/2010|12:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Australian PC User
[06/22/2007|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ BVRP Software
[07/01/2011|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ DivX
[02/28/2011|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ FreeDownloadManager.ORG
[07/18/2007|11:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Grisoft
[01/27/2010|09:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ HP
[01/18/2010|06:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ HP Product Assistant
[10/12/2009|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ IM
[10/12/2009|12:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ IncrediMail
[05/11/2011|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Installations
[06/17/2006|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ InstallShield
[12/12/2009|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Kaspersky SDK
[09/03/2010|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Logishrd
[07/27/2009|10:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ MailFrontier
[06/26/2011|06:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Malwarebytes
[03/07/2011|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ McAfee
[03/17/2007|01:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Messenger Plus!
[06/26/2011|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Microsoft
[06/16/2011|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Microsoft Help
[06/25/2011|10:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ NCH Swift Sound
[03/20/2009|09:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Office Genuine Advantage
[04/02/2010|11:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ OviInstallerCache
[10/25/2009|10:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ PC Suite
[06/15/2011|08:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Photo Notifier and Animation Creator
[12/03/2008|04:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ QuickTime
[01/09/2008|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ RoboForm
[11/24/2005|01:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ SBSI
[08/03/2011|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Skype
[09/28/2007|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Sonic
[06/26/2011|01:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Spybot - Search & Destroy
[01/27/2010|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Sun
[06/25/2011|11:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ SUPERAntiSpyware.com
[07/28/2009|04:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ TEMP
[11/26/2009|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ TomTom
[01/18/2010|07:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ WEBREG
[04/15/2006|07:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Windows Genuine Advantage
[09/03/2010|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ WindSolutions
[06/09/2008|09:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ WLInstaller
[08/03/2011|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ Yahoo!

[11/24/2005|01:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Identities
[04/02/2010|04:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Macromedia
[11/24/2005|02:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Microsoft
[12/11/2009|02:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ Sun
[11/25/2005|04:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ toshiba

[07/25/2011|12:25] C:\DOCUME~1\Flickels\APPLIC~1\ #ISW.FS#
[04/17/2011|11:50] C:\DOCUME~1\Flickels\APPLIC~1\ Adobe
[09/04/2010|08:33] C:\DOCUME~1\Flickels\APPLIC~1\ Apple Computer
[09/03/2010|01:00] C:\DOCUME~1\Flickels\APPLIC~1\ Ashampoo
[06/26/2011|02:26] C:\DOCUME~1\Flickels\APPLIC~1\ CheckPoint
[01/24/2011|12:46] C:\DOCUME~1\Flickels\APPLIC~1\ com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[08/04/2007|04:12] C:\DOCUME~1\Flickels\APPLIC~1\ Datalayer
[05/12/2010|03:09] C:\DOCUME~1\Flickels\APPLIC~1\ DivX
[07/01/2011|11:07] C:\DOCUME~1\Flickels\APPLIC~1\ DVDVideoSoft
[03/17/2010|01:07] C:\DOCUME~1\Flickels\APPLIC~1\ FileZilla
[06/26/2011|11:03] C:\DOCUME~1\Flickels\APPLIC~1\ Free Download Manager
[12/25/2010|09:36] C:\DOCUME~1\Flickels\APPLIC~1\ GARMIN
[07/15/2011|04:22] C:\DOCUME~1\Flickels\APPLIC~1\ Gutar
[07/15/2006|11:30] C:\DOCUME~1\Flickels\APPLIC~1\ Help
[09/30/2010|06:28] C:\DOCUME~1\Flickels\APPLIC~1\ HP
[11/24/2005|01:26] C:\DOCUME~1\Flickels\APPLIC~1\ Identities
[02/20/2007|09:38] C:\DOCUME~1\Flickels\APPLIC~1\ IMVU
[11/26/2009|04:43] C:\DOCUME~1\Flickels\APPLIC~1\ InstallShield
[05/14/2006|11:54] C:\DOCUME~1\Flickels\APPLIC~1\ InterVideo
[06/13/2006|11:41] C:\DOCUME~1\Flickels\APPLIC~1\ Jasc
[08/05/2010|08:53] C:\DOCUME~1\Flickels\APPLIC~1\ Leadertech
[10/28/2006|11:39] C:\DOCUME~1\Flickels\APPLIC~1\ Macromedia
[11/26/2009|03:15] C:\DOCUME~1\Flickels\APPLIC~1\ MailFrontier
[06/26/2011|06:04] C:\DOCUME~1\Flickels\APPLIC~1\ Malwarebytes
[06/25/2011|10:31] C:\DOCUME~1\Flickels\APPLIC~1\ Media Player Classic
[01/28/2011|08:52] C:\DOCUME~1\Flickels\APPLIC~1\ Microsoft
[07/31/2009|09:21] C:\DOCUME~1\Flickels\APPLIC~1\ Mp3tag
[05/20/2011|10:34] C:\DOCUME~1\Flickels\APPLIC~1\ Nokia
[07/15/2011|04:00] C:\DOCUME~1\Flickels\APPLIC~1\ Obsu
[05/20/2011|10:34] C:\DOCUME~1\Flickels\APPLIC~1\ PC Suite
[12/24/2007|11:03] C:\DOCUME~1\Flickels\APPLIC~1\ Screenshot Sender
[08/05/2011|11:23] C:\DOCUME~1\Flickels\APPLIC~1\ Skype
[05/28/2011|05:29] C:\DOCUME~1\Flickels\APPLIC~1\ skypePM
[10/03/2006|10:26] C:\DOCUME~1\Flickels\APPLIC~1\ SmartDraw
[05/20/2006|07:21] C:\DOCUME~1\Flickels\APPLIC~1\ Sonic
[04/17/2006|09:25] C:\DOCUME~1\Flickels\APPLIC~1\ Sun
[06/25/2011|11:03] C:\DOCUME~1\Flickels\APPLIC~1\ SUPERAntiSpyware.com
[05/29/2007|07:00] C:\DOCUME~1\Flickels\APPLIC~1\ toshiba
[02/11/2008|03:55] C:\DOCUME~1\Flickels\APPLIC~1\ U3
[06/26/2011|11:03] C:\DOCUME~1\Flickels\APPLIC~1\ uTorrent
[07/28/2009|01:10] C:\DOCUME~1\Flickels\APPLIC~1\ Windows Desktop Search
[07/28/2009|11:28] C:\DOCUME~1\Flickels\APPLIC~1\ Windows Search
[09/03/2010|12:48] C:\DOCUME~1\Flickels\APPLIC~1\ WindSolutions
[12/11/2009|09:45] C:\DOCUME~1\Flickels\APPLIC~1\ WinRAR

[11/27/2006|10:27] C:\DOCUME~1\Guest\APPLIC~1\ Adobe
[11/24/2005|01:26] C:\DOCUME~1\Guest\APPLIC~1\ Identities
[11/27/2006|07:16] C:\DOCUME~1\Guest\APPLIC~1\ Macromedia
[11/27/2006|09:41] C:\DOCUME~1\Guest\APPLIC~1\ Microsoft
[11/27/2006|07:13] C:\DOCUME~1\Guest\APPLIC~1\ Mozilla
[11/25/2005|04:48] C:\DOCUME~1\Guest\APPLIC~1\ toshiba

[06/26/2011|11:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\ Adobe
[11/26/2010|11:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\ Apple Computer
[06/26/2011|11:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\ Macromedia
[06/26/2011|11:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\ Microsoft

[06/26/2011|10:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\ Adobe
[04/14/2010|10:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\ DivX
[06/26/2011|11:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\ Macromedia
[11/24/2005|01:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\ Microsoft
[07/15/2011|06:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\ Sun

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[08/09/2011 02:55 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/13/2011 02:19 PM][--a--c---] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3104764887-2994076566-3931121267-1006UA.job
[08/12/2011 07:19 PM][--a--c---] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3104764887-2994076566-3931121267-1006Core.job
[08/08/2011 03:00 AM][--a--c---] C:\WINDOWS\tasks\Defrag.job
[08/05/2011 10:47 AM][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 10:00 PM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[06/21/2011|09:41] C:\Program Files\ Adobe
[07/29/2011|09:15] C:\Program Files\ Apple Software Update
[09/03/2010|12:54] C:\Program Files\ Ashampoo
[04/16/2006|10:14] C:\Program Files\ Atheros
[07/27/2009|07:44] C:\Program Files\ ATI Technologies
[04/25/2010|05:42] C:\Program Files\ Audacity
[09/05/2009|12:14] C:\Program Files\ AudioShell
[07/29/2011|10:51] C:\Program Files\ Bonjour
[08/03/2011|10:48] C:\Program Files\ CCleaner
[12/12/2009|11:10] C:\Program Files\ CheckPoint
[08/03/2011|11:11] C:\Program Files\ Common Files
[11/24/2005|01:23] C:\Program Files\ ComPlus Applications
[07/30/2009|08:36] C:\Program Files\ CPUID
[07/25/2011|11:59] C:\Program Files\ Defraggler
[12/25/2010|09:08] C:\Program Files\ DIFX
[07/01/2011|11:18] C:\Program Files\ DivX
[11/25/2005|04:48] C:\Program Files\ DVD-RAM
[07/01/2011|11:07] C:\Program Files\ DVDVideoSoft
[03/17/2010|01:08] C:\Program Files\ FileZilla FTP Client
[02/28/2011|10:27] C:\Program Files\ Free Download Manager
[06/05/2011|01:22] C:\Program Files\ Garmin
[12/25/2010|09:09] C:\Program Files\ Garmin GPS Plugin
[01/18/2010|06:50] C:\Program Files\ Hewlett-Packard
[09/30/2010|05:55] C:\Program Files\ HP
[08/04/2011|12:02] C:\Program Files\ IncrediMail
[02/18/2011|09:21] C:\Program Files\ InstallShield Installation Information
[06/16/2011|01:39] C:\Program Files\ Internet Explorer
[11/25/2005|04:50] C:\Program Files\ InterVideo
[07/29/2011|11:00] C:\Program Files\ iPod
[07/29/2011|11:02] C:\Program Files\ iTunes
[06/18/2011|10:15] C:\Program Files\ Java
[02/28/2011|10:50] C:\Program Files\ K-Lite Codec Pack
[04/25/2010|05:45] C:\Program Files\ Kreatives.org
[05/18/2010|10:06] C:\Program Files\ Lame for Audacity
[11/24/2005|03:18] C:\Program Files\ ltmoh
[11/11/2010|10:36] C:\Program Files\ maemo
[07/18/2011|02:06] C:\Program Files\ Malwarebytes' Anti-Malware
[09/30/2008|10:26] C:\Program Files\ Messenger
[09/07/2008|05:30] C:\Program Files\ Messenger Plus! Live
[07/29/2009|01:10] C:\Program Files\ MessengerPlus! 3
[07/28/2009|11:08] C:\Program Files\ Microsoft
[09/29/2010|02:29] C:\Program Files\ Microsoft ActiveSync
[08/03/2007|03:01] C:\Program Files\ Microsoft CAPICOM 2.1.0.2
[11/24/2005|01:26] C:\Program Files\ microsoft frontpage
[08/03/2011|02:48] C:\Program Files\ Microsoft Office
[11/11/2009|04:11] C:\Program Files\ Microsoft Office Outlook Connector
[06/16/2011|08:16] C:\Program Files\ Microsoft Silverlight
[07/28/2009|11:05] C:\Program Files\ Microsoft SQL Server Compact Edition
[07/28/2009|11:06] C:\Program Files\ Microsoft Sync Framework
[05/01/2006|08:00] C:\Program Files\ Microsoft Visual Studio
[07/30/2009|08:26] C:\Program Files\ Microsoft Works
[12/25/2010|09:47] C:\Program Files\ Microsoft.NET
[08/13/2010|03:07] C:\Program Files\ Movie Maker
[02/18/2011|09:18] C:\Program Files\ Mozilla Firefox
[03/21/2010|03:20] C:\Program Files\ Mp3tag
[07/28/2009|11:44] C:\Program Files\ MSBuild
[07/30/2009|06:01] C:\Program Files\ MSECache
[11/24/2005|01:22] C:\Program Files\ MSN
[11/24/2005|01:22] C:\Program Files\ MSN Gaming Zone
[10/15/2006|03:03] C:\Program Files\ MSXML 4.0
[10/25/2009|02:30] C:\Program Files\ MSXML 6.0
[10/07/2009|04:42] C:\Program Files\ NCH Software
[09/30/2008|10:15] C:\Program Files\ NetMeeting
[05/11/2011|11:29] C:\Program Files\ Nokia
[07/13/2006|10:13] C:\Program Files\ Online Services
[12/17/2010|02:04] C:\Program Files\ Outlook Express
[05/11/2011|11:28] C:\Program Files\ PC Connectivity Solution
[09/07/2010|03:46] C:\Program Files\ PC User Audio Toolkit
[06/15/2011|08:55] C:\Program Files\ Photo Notifier and Animation Creator
[08/07/2011|12:51] C:\Program Files\ PS3 Media Server
[12/26/2010|11:46] C:\Program Files\ QuickTime
[11/24/2005|03:17] C:\Program Files\ Realtek
[07/28/2009|11:44] C:\Program Files\ Reference Assemblies
[03/17/2010|08:10] C:\Program Files\ Secunia
[01/09/2008|07:46] C:\Program Files\ Siber Systems
[08/03/2011|11:11] C:\Program Files\ Skype
[10/03/2006|12:45] C:\Program Files\ SmartDraw 7
[11/25/2005|04:50] C:\Program Files\ Sonic
[06/26/2011|12:43] C:\Program Files\ Spybot - Search & Destroy
[10/22/2006|11:28] C:\Program Files\ SRN Micro
[06/25/2011|11:04] C:\Program Files\ SUPERAntiSpyware
[11/24/2005|03:17] C:\Program Files\ Synaptics
[04/16/2006|10:15] C:\Program Files\ TOSHIBA
[11/24/2005|01:28] C:\Program Files\ Uninstall Information
[03/28/2011|05:47] C:\Program Files\ uTorrent
[07/28/2009|01:46] C:\Program Files\ Windows Desktop Search
[07/30/2009|06:02] C:\Program Files\ Windows Installer Clean Up
[06/15/2011|08:02] C:\Program Files\ Windows Live
[06/09/2008|09:52] C:\Program Files\ Windows Live Favorites
[07/28/2009|11:03] C:\Program Files\ Windows Live SkyDrive
[07/28/2009|11:07] C:\Program Files\ Windows Live Toolbar
[07/28/2009|01:05] C:\Program Files\ Windows Media Connect 2
[07/28/2009|01:05] C:\Program Files\ Windows Media Player
[07/13/2006|10:13] C:\Program Files\ Windows NT
[11/24/2005|01:24] C:\Program Files\ WindowsUpdate
[08/03/2011|11:06] C:\Program Files\ WinRAR
[11/24/2005|01:26] C:\Program Files\ xerox
[01/06/2007|11:05] C:\Program Files\ Yahoo!
[07/28/2009|04:17] C:\Program Files\ Zone Labs

--------------------\\ Listing Folders in C:\Program Files\Common Files

[06/21/2011|09:42] C:\Program Files\Common Files\ Adobe
[08/11/2006|09:09] C:\Program Files\Common Files\ Adobe Systems Shared
[07/29/2011|11:00] C:\Program Files\Common Files\ Apple
[05/01/2006|08:01] C:\Program Files\Common Files\ DESIGNER
[07/01/2011|11:17] C:\Program Files\Common Files\ DivX Shared
[07/01/2011|11:07] C:\Program Files\Common Files\ DVDVideoSoft
[07/02/2006|01:42] C:\Program Files\Common Files\ Hewlett-Packard
[07/29/2009|11:29] C:\Program Files\Common Files\ HP
[02/18/2011|09:19] C:\Program Files\Common Files\ InstallShield
[06/18/2011|10:29] C:\Program Files\Common Files\ Java
[05/01/2006|08:02] C:\Program Files\Common Files\ L&H
[09/03/2010|12:13] C:\Program Files\Common Files\ LogiShrd
[07/14/2010|11:25] C:\Program Files\Common Files\ Microsoft Shared
[05/27/2007|10:21] C:\Program Files\Common Files\ Motorola Shared
[11/24/2005|01:24] C:\Program Files\Common Files\ MSSoap
[05/11/2011|11:29] C:\Program Files\Common Files\ Nokia
[11/24/2005|05:19] C:\Program Files\Common Files\ ODBC
[05/11/2011|11:29] C:\Program Files\Common Files\ PCSuite
[11/24/2005|01:24] C:\Program Files\Common Files\ Services
[11/24/2005|05:19] C:\Program Files\Common Files\ SpeechEngines
[08/17/2010|09:44] C:\Program Files\Common Files\ Symantec Shared
[11/11/2009|04:11] C:\Program Files\Common Files\ System
[07/28/2009|01:13] C:\Program Files\Common Files\ Windows Live
[06/09/2008|09:52] C:\Program Files\Common Files\ WindowsLiveInstaller

--------------------\\ Process

( 76 Processes )

MsgPlus.exe ~ [PID:2580]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-08-13 14:57:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 317

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack.zip
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Data.Cab
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\instmsia.exe
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\instmsiw.exe
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Paint Shop Pro 7 Try And Buy.msi
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\setup.exe
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\setup.ini
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\Animation Shop v3.xx Crack
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\Jasc.reg
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\Jasc.txt
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\junreg.exe
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\PaintShop Pro v7.xx Crack
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\Animation Shop v3.xx Crack\File_ID.diz
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\Animation Shop v3.xx Crack\Read WKT.NFO for information and instructions.txt
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\Animation Shop v3.xx Crack\WkT!.nfo
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\Animation Shop v3.xx Crack\wktanim3xx.exe
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\PaintShop Pro v7.xx Crack\File_ID.diz
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\PaintShop Pro v7.xx Crack\Read WKT.NFO for information and instructions.txt
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\PaintShop Pro v7.xx Crack\THECRACK.HTM
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\PaintShop Pro v7.xx Crack\WkT!.nfo
C:\DOCUME~1\Flickels\Shared\Paint Shop Pro 7.04 + Animation Shop 3.04 + Crack\Crack\PaintShop Pro v7.xx Crack\wktpsp7xx.exe


[F:64][D:15]-> C:\DOCUME~1\Flickels\LOCALS~1\Temp
[F:4][D:0]-> C:\DOCUME~1\Flickels\Cookies
[F:39][D:4]-> C:\DOCUME~1\Flickels\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 08/13/2011|14:59 - Option : [1]

--------------------\\ Scan completed at 14:59:09

furns

Newbie Surfer
Newbie Surfer

Posts : 18
Joined : 2011-07-20
Operating System : xp

View user profile

Back to top Go down

Re: Hidden malware - Please help

Post by Sponsored content Today at 2:52 am


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum