ADS (Alternate Data Streams) Removal

Post by sblake on Thu 18 Aug 2011, 1:43 am

I have Alternate Data Streams that I can identify but cannot remove. They just keep coming back. I have used programs designed for removal of ADSs and tried in safe mode, but they just keep coming back. The problem is with these two:

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0574215C
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

Any help will be appreciated. I have spent hours and am getting nowhere. Thanks!

OTL logfile created on: 8/17/2011 8:20:30 AM - Run 3
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.67 Mb Total Physical Memory | 521.80 Mb Available Physical Memory | 51.02% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 61.40 Gb Free Space | 53.63% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 38.07 Gb Free Space | 51.08% Space Free | Partition Type: NTFS

Computer Name: STEVEWINXP | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 08:17:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.com
PRC - [2011/07/23 11:11:07 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/07/23 11:09:06 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/06/06 14:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/08 00:18:42 | 000,726,288 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\iked.exe
PRC - [2010/10/08 00:18:42 | 000,541,968 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
PRC - [2010/10/08 00:18:42 | 000,054,544 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
PRC - [2010/09/17 16:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/07/25 10:59:46 | 001,275,168 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe
PRC - [2010/07/25 10:59:30 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe
PRC - [2010/02/11 17:48:50 | 001,266,944 | ---- | M] (Matrox Graphics Inc.) -- c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
PRC - [2010/02/11 17:48:24 | 004,246,784 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
PRC - [2010/02/11 17:48:22 | 000,344,832 | ---- | M] (Matrox Graphics Inc) -- c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
PRC - [2009/08/03 10:22:58 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/06/22 09:03:28 | 000,257,088 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2009/06/22 09:03:28 | 000,179,264 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
PRC - [2009/05/20 20:02:56 | 000,176,128 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
PRC - [2009/05/20 20:02:56 | 000,090,112 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\FsLoader.exe
PRC - [2007/11/14 10:29:32 | 000,126,976 | ---- | M] () -- C:\Program Files\Common Files\RS\RS.exe
PRC - [2007/04/04 08:48:42 | 000,087,560 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\mgabg.exe
PRC - [2007/02/16 18:57:24 | 001,945,960 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/02/16 18:49:58 | 000,149,024 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/02/16 18:45:30 | 001,169,776 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/06/07 13:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2004/12/21 11:19:00 | 000,804,480 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
PRC - [2004/12/21 11:19:00 | 000,763,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
PRC - [2003/08/21 18:06:30 | 000,593,408 | ---- | M] (Alex van Kaam) -- C:\Program Files\Motherboard Monitor 5\MBM5.exe
PRC - [2003/05/29 16:28:32 | 000,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/04/11 11:47:52 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe
PRC - [2002/03/04 14:11:50 | 000,782,336 | ---- | M] (Tiburon Technology, Inc.) -- C:\Program Files\ePrompter\ePrompter.exe
PRC - [2002/02/15 10:51:00 | 000,114,749 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe
PRC - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe
PRC - [1998/08/26 15:16:14 | 000,063,488 | ---- | M] () -- C:\SUPERFAX\PROGRAM\PICPMON.EXE


========== Modules (No Company Name) ==========

MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010/11/30 17:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/11/30 17:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/11/30 17:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/10/08 00:18:42 | 000,726,288 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\iked.exe
MOD - [2010/10/08 00:18:42 | 000,541,968 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
MOD - [2010/10/08 00:18:42 | 000,054,544 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
MOD - [2010/09/02 02:25:06 | 000,030,208 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
MOD - [2010/09/02 02:24:54 | 000,026,624 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
MOD - [2010/09/02 02:24:48 | 000,022,016 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\libike.dll
MOD - [2010/09/02 02:24:48 | 000,016,384 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
MOD - [2010/09/02 02:24:42 | 000,025,600 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
MOD - [2010/09/02 02:24:38 | 000,102,400 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\libip.dll
MOD - [2010/09/02 02:24:14 | 000,019,968 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\libidb.dll
MOD - [2010/09/02 02:24:10 | 000,011,264 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\liblog.dll
MOD - [2010/09/02 02:24:08 | 000,015,360 | ---- | M] () -- C:\Program Files\ShrewSoft\VPN Client\libith.dll
MOD - [2009/06/22 09:02:48 | 002,505,792 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsAppRes409.dll
MOD - [2009/06/22 09:02:32 | 000,179,264 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll
MOD - [2009/06/22 08:16:18 | 000,005,120 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\throttle.dll
MOD - [2009/05/20 20:02:56 | 000,176,128 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
MOD - [2009/05/20 20:02:56 | 000,106,496 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CallProMode.dll
MOD - [2009/05/20 20:02:56 | 000,090,112 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\FsLoader.exe
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/11/14 10:29:32 | 000,126,976 | ---- | M] () -- C:\Program Files\Common Files\RS\RS.exe
MOD - [2007/11/13 12:53:00 | 000,671,744 | ---- | M] () -- C:\Program Files\Common Files\RS\TMRemote.dll
MOD - [2007/02/14 19:21:32 | 000,050,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Common\gc.dll
MOD - [2006/12/20 15:15:06 | 000,254,015 | ---- | M] () -- C:\Program Files\Common Files\RS\RemoteDll.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll
MOD - [2002/04/11 11:47:52 | 000,069,632 | ---- | M] () -- C:\Program Files\Microsoft Hardware\Mouse\IP4xBatt.dll
MOD - [2000/06/14 13:32:34 | 000,067,584 | ---- | M] () -- C:\SUPERFAX\PROGRAM\PICUX.DLL
MOD - [2000/06/14 13:32:30 | 000,100,864 | ---- | M] () -- C:\SUPERFAX\PROGRAM\PICLIB1.DLL
MOD - [2000/04/20 13:49:22 | 000,122,880 | ---- | M] () -- C:\SUPERFAX\PROGRAM\PICDLG.DLL
MOD - [1999/05/20 20:18:30 | 000,279,040 | ---- | M] () -- C:\SUPERFAX\PROGRAM\PICLANG.DLL
MOD - [1999/05/20 20:18:00 | 002,380,800 | ---- | M] () -- C:\SUPERFAX\PROGRAM\PICICON.DLL
MOD - [1999/02/04 22:38:40 | 000,103,936 | ---- | M] () -- C:\SUPERFAX\PROGRAM\PICUL.DLL
MOD - [1999/01/19 19:45:52 | 000,032,256 | ---- | M] () -- C:\SUPERFAX\PROGRAM\PICUT.DLL
MOD - [1998/12/01 16:21:06 | 000,103,424 | ---- | M] () -- C:\SUPERFAX\PROGRAM\PICCE.DLL
MOD - [1998/08/26 15:16:14 | 000,063,488 | ---- | M] () -- C:\SUPERFAX\PROGRAM\PICPMON.EXE


========== Win32 Services (SafeList) ==========

SRV - [2011/07/23 11:11:07 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/07/23 11:09:06 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/08 00:18:42 | 000,726,288 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2010/10/08 00:18:42 | 000,541,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2010/10/08 00:18:42 | 000,054,544 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2010/07/25 10:59:30 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2010/02/11 17:48:50 | 001,266,944 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe -- (Matrox Centering Service)
SRV - [2010/02/11 17:48:22 | 000,344,832 | ---- | M] (Matrox Graphics Inc) [Auto | Running] -- c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe -- (Matrox.Pdesk.ServicesHost)
SRV - [2009/08/03 10:22:58 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/06/22 09:03:28 | 000,257,088 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2009/05/20 20:02:56 | 000,098,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe -- (Backup Scheduler)
SRV - [2009/05/20 20:02:56 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe -- (Real time Backup Loader)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/14 10:29:32 | 000,126,976 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\RS\RS.exe -- (RemoteControlService)
SRV - [2007/04/04 08:48:42 | 000,087,560 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- C:\WINDOWS\system32\mgabg.exe -- (MGABGEXE)
SRV - [2007/02/16 18:49:50 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/01/26 15:33:00 | 000,153,088 | ---- | M] (Avanquest Publishing USA, Inc.) [On_Demand | Stopped] -- C:\Program Files\VCOM\SystemSuite\MXTask.exe -- (SystemSuite Task Manager)
SRV - [2006/06/07 13:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 12:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/07/01 17:11:52 | 000,173,040 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2005/07/01 17:11:40 | 001,160,168 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2004/12/21 11:19:00 | 000,763,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe -- (GBPoll)
SRV - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/02/15 10:51:00 | 000,114,749 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2001/08/17 22:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)
SRV - [1998/08/26 15:16:14 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\SUPERFAX\PROGRAM\PICPMON.EXE -- (Pacific Image Comm. Fax Server)


========== Driver Services (SafeList) ==========

DRV - [2011/07/24 14:35:13 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/07/23 11:09:25 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/02 02:18:48 | 000,024,192 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vfilter.sys -- (pflt)
DRV - [2010/09/02 02:18:48 | 000,011,904 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\virtualnet.sys -- (vnet)
DRV - [2010/03/02 22:15:52 | 000,022,016 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\1UnHooker.sys -- (1UnHooker)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/08/03 10:22:58 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/05/20 20:02:56 | 000,155,648 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\DCDisk.sys -- (DCDisk)
DRV - [2009/05/20 20:02:56 | 000,077,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dcsnap.sys -- (dcsnap)
DRV - [2009/05/13 12:41:02 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2009/05/13 12:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2009/05/13 12:41:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009/02/06 14:19:52 | 000,350,592 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\g400dhm.sys -- (G400DH)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/09/16 18:13:23 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/09/16 18:13:23 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/09/16 18:13:09 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/08/15 20:02:42 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/06/21 18:43:52 | 000,023,864 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/02/27 14:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/29 21:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/01/29 21:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2006/11/02 19:28:30 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2006/09/15 22:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/08/16 14:59:24 | 000,013,930 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2005/05/18 20:24:24 | 000,019,416 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\sandra.sys -- (SANDRA)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/12/21 10:19:00 | 000,170,718 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GoBack2k.sys -- (GoBack2K)
DRV - [2004/12/21 10:19:00 | 000,016,196 | R--- | M] (Symantec Corporation) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\GBFSHook.sys -- (GBFSHook)
DRV - [2004/12/21 10:19:00 | 000,004,093 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GBDevice.sys -- (GBDevice)
DRV - [2004/12/03 05:35:48 | 000,026,672 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2004/06/19 03:50:10 | 000,120,483 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2004/03/05 17:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 17:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2004/03/04 02:23:20 | 000,067,840 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\StarPort.sys -- (StarPort)
DRV - [2004/02/13 03:39:50 | 000,008,960 | R--- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88xbar.sys -- (CX88XBAR)
DRV - [2004/02/13 03:39:36 | 000,186,240 | R--- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880)
DRV - [2003/10/28 16:17:52 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2003/05/21 01:20:00 | 000,070,272 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viaraid.sys -- (viaraid)
DRV - [2003/04/17 03:15:22 | 000,147,328 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2002/09/20 10:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/07/11 06:16:10 | 000,003,480 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2002/04/11 11:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2002/02/11 10:51:00 | 000,033,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2001/12/03 12:55:14 | 000,155,264 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision)
DRV - [2001/12/03 12:55:12 | 000,026,560 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2)
DRV - [2001/08/17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 13:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/17 12:49:42 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\g400m.sys -- (G400)
DRV - [2001/04/14 01:22:12 | 000,022,474 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptiusbf.sys -- (ptiusbf)
DRV - [2000/09/11 10:50:00 | 000,010,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2000/07/05 06:00:00 | 000,024,142 | R--- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Klsmpad.sys -- (Klsmpad)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e, = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb, = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba, = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay, = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.5
FF - prefs.js..extensions.enabledItems: {E843EA9A-B51C-4CAE-93B9-BBE52D0C4551}:1.0.6.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:11.0.2.556
FF - prefs.js..extensions.enabledItems: {7C9AE782-DB21-4e40-81FB-AD8A53A6233A}:1.83
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {246B0AC1-31AB-4786-A4CC-A6AF89647D7F}:0.3.8
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:11.0.2.556
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {269FB356-C69F-7349-D092-AB28AF836D0E}:3.5.004

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/30 20:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011/08/16 06:57:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011/08/16 06:57:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011/08/16 06:57:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/23 11:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/30 20:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/08 07:33:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/30 20:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8C17574E-F5C5-41b8-8B36-333FC7E67980}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\THBExt_2_x [2011/07/24 14:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\THBExt_3_1_x [2011/07/24 14:36:50 | 000,000,000 | ---D | M]

[2009/01/31 16:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2011/07/23 11:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions
[2010/07/03 16:52:15 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/07/03 16:52:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/03 16:52:14 | 000,000,000 | ---D | M] (Wikipedia Lookup Add-on) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions\{246B0AC1-31AB-4786-A4CC-A6AF89647D7F}
[2010/07/03 16:52:08 | 000,000,000 | ---D | M] (Strata Aero) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}
[2009/01/31 16:51:34 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009/02/14 13:20:11 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
[2011/07/23 11:31:32 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/09/11 12:01:27 | 000,000,000 | ---D | M] (Buyertools) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions\{E843EA9A-B51C-4CAE-93B9-BBE52D0C4551}
[2011/02/08 18:40:59 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions\LogMeInClient@logmein.com
[2009/01/31 16:56:41 | 000,000,000 | ---D | M] ("Broadband Speed Test and Diagnostics") -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions\speedtest@gotomyhelp.com
[2010/07/03 16:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\k3nom86e.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}\mozapps\extensions
[2011/06/01 10:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/08 21:26:53 | 000,000,000 | ---D | M] (Buyertools) -- C:\Program Files\Mozilla Firefox\extensions\{E843EA9A-B51C-4CAE-93B9-BBE52D0C4551}
[2010/12/12 14:32:35 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2010/12/12 14:32:29 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\STEVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\K3NOM86E.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\STEVE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\K3NOM86E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/16 06:57:36 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\KAVANTIBANNER@KASPERSKY.RU
[2011/08/16 06:57:36 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\LINKFILTER@KASPERSKY.RU
[2011/08/16 06:57:36 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
[2011/07/23 11:31:13 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005/12/05 23:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2006/09/30 10:00:00 | 000,065,536 | ---- | M] (Avantstar, Inc.) -- C:\Program Files\mozilla firefox\plugins\QVPLUG32.DLL
[2011/05/14 09:34:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/11/22 19:41:58 | 000,000,495 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 216.109.126.23 dsl.sbc.yahoo.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 216.109.126.22 my.yahoo.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Buyertools) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\Program Files\Buyertools Reminder\IEButtonBuyertoolsInterface.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (metaspinner GmbH) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Program Files\Buyertools Reminder\IEButtonEbayInterface.dll ()
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Matrox PowerDesk SE] c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [MBM 5] C:\Program Files\Motherboard Monitor 5\MBM5.EXE (Alex van Kaam)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nuance PDF Converter Professional 7-reminder] C:\Program Files\Nuance\PDF Professional 7\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RS] C:\Program Files\Common Files\RS\RS.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk = C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe (NovaStor)
O4 - Startup: C:\Documents and Settings\Steve\Start Menu\Programs\Startup\ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe (Tiburon Technology, Inc.)
O4 - Startup: C:\Documents and Settings\Steve\Start Menu\Programs\Startup\reminder.lnk = C:\Program Files\Reminder\reminder.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [You must be registered and logged in to see this link.] (Symantec AntiVirus scanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} [You must be registered and logged in to see this link.] (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} [You must be registered and logged in to see this link.] (CInstallLPCtrl Object)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} [You must be registered and logged in to see this link.] (GDIChk Object)
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} [You must be registered and logged in to see this link.] (Yahoo! Photos Easy Upload Tool Class)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} [You must be registered and logged in to see this link.] (Symantec RuFSI Registry Information Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} [You must be registered and logged in to see this link.] (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Avantstar, Inc.)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/13 14:28:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{47399496-8e9f-11de-bace-000c6e407b0d}\Shell\AutoRun\command - "" = L:\Setup_FlipShare.exe
O33 - MountPoints2\{47399496-8e9f-11de-bace-000c6e407b0d}\Shell\Setup FlipShare\command - "" = L:\Setup_FlipShare.exe
O34 - HKLM BootExecute: ("autocheck autochk *") - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: svcWRSSSDK - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: svcWRSSSDK - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0990B1C2-A505-2CDE-76CD-C75094DC8D4B} - KB890923
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.0
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688
ActiveX: {6b0d63a7-bf2d-45df-877b-b22d4c0eddbd} - KB887797
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {79844cfb-ac65-4e10-a06a-c974234f40d0} - KB883939
ActiveX: {82ced0ff-a00d-4405-ba5f-ef4699159333} - KB896727
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BAC01377-73DD-4796-854D-2A8997E3D68A} - Yahoo! Photos Drag-Drop Uploader
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {f54910c7-a2f3-4ca4-81b2-4a43a5e2680a} - KB916281
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE



Last edited by sblake on Thu 18 Aug 2011, 3:11 am; edited 1 time in total

sblake

Newbie Surfer

Posts : 7
Joined : 2011-08-17
Operating System : XP


Re: ADS (Alternate Data Streams) Removal

Post by sblake on Thu 18 Aug 2011, 1:44 am

Part 2 of OTL log:

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.NTN1 - C:\WINDOWS\System32\NUVision.ax (Zoran Ltd.)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: VIDC.PIXL - C:\WINDOWS\System32\pclepixl.dll (Pinnacle Systems)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/16 18:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/16 18:38:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/16 17:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/16 17:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Start Menu\Programs\HiJackThis
[2011/08/16 17:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TimoSoft
[2011/08/16 17:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\StreamsViewer
[2011/08/16 17:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\StreamsViewer
[2011/08/12 19:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\GlarySoft
[2011/08/12 19:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
[2011/08/12 19:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2011/08/12 18:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\SecurityXploded
[2011/08/12 18:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Pointstone
[2011/08/12 18:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Start Menu\Programs\ADS Scanner 2
[2011/08/11 17:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tizerô Rootkit Razor
[2011/08/11 17:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tizerô Rootkit Razor
[2011/07/24 14:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2012
[2011/07/24 14:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2011/07/24 14:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2011/07/24 14:35:13 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/07/24 07:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2011/07/24 07:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Start Menu\Programs\Unlocker
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/17 08:42:00 | 000,016,679 | ---- | M] () -- C:\WINDOWS\ePrompter.ini
[2011/08/17 07:31:48 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\HiJackThis.lnk
[2011/08/17 06:20:37 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/17 06:19:13 | 000,017,920 | -H-- | M] () -- C:\logicinf.bin
[2011/08/17 06:19:10 | 000,001,024 | -H-- | M] () -- C:\diskfile1
[2011/08/17 06:18:50 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/08/17 06:18:33 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/08/17 06:18:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/17 06:18:02 | 1072,418,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/16 17:28:00 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StreamsViewer.lnk
[2011/08/16 07:09:41 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/12 19:31:41 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Glary Utilities.lnk
[2011/08/12 18:32:47 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\StreamArmor.lnk
[2011/08/12 18:32:20 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\ADS Scanner 2.lnk
[2011/08/11 17:21:55 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tizerô Rootkit Razor.lnk
[2011/08/11 17:21:55 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Tizerô Rootkit Razor.lnk
[2011/07/26 21:03:31 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/07/25 06:22:04 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Steve\Start Menu\Programs\Startup\reminder.lnk
[2011/07/24 14:38:59 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/07/24 14:38:58 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/07/24 14:35:13 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/07/23 11:09:25 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/07/23 11:09:09 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/07/23 11:09:09 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/16 18:58:37 | 1072,418,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/16 17:32:23 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\HiJackThis.lnk
[2011/08/16 17:28:00 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StreamsViewer.lnk
[2011/08/12 19:31:43 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/08/12 19:31:41 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Glary Utilities.lnk
[2011/08/12 18:32:47 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\StreamArmor.lnk
[2011/08/12 18:32:20 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\ADS Scanner 2.lnk
[2011/08/11 17:21:55 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tizerô Rootkit Razor.lnk
[2011/08/11 17:21:55 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Tizerô Rootkit Razor.lnk
[2011/07/25 06:22:03 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Steve\Start Menu\Programs\Startup\reminder.lnk
[2011/07/24 14:38:59 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011/07/24 14:38:58 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2011/01/25 19:49:29 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2010/03/02 22:15:52 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\1UnHooker.sys
[2009/11/16 22:50:03 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/11/16 22:50:03 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/11/16 22:49:46 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\$_hpcst$.hpc
[2009/10/26 20:14:05 | 000,000,106 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/07/18 12:45:12 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\DCDisk.sys
[2009/07/18 12:45:12 | 000,077,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys
[2009/03/12 20:50:59 | 003,852,832 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/12 20:50:59 | 000,778,272 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/06/05 19:38:52 | 000,164,799 | ---- | C] () -- C:\WINDOWS\Audio Converter Pro Uninstaller.exe
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/15 21:15:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2007/08/02 17:42:04 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/03/30 20:46:41 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/25 20:07:40 | 000,029,600 | ---- | C] () -- C:\WINDOWS\System32\mxntdfg.exe
[2006/12/06 18:40:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/10/27 10:34:26 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/27 10:34:26 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/09/28 17:34:56 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2006/06/16 19:35:58 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/05/09 20:40:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinHDM.INI
[2006/05/09 17:21:19 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2006/05/09 17:21:10 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\UimExt.dll
[2006/05/09 17:21:10 | 000,120,483 | ---- | C] () -- C:\WINDOWS\System32\drivers\Uim_IM.sys
[2006/05/09 17:21:10 | 000,006,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2006/05/06 10:19:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2006/05/06 10:07:43 | 000,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/05/06 10:07:19 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/01/11 22:40:48 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTiCtwl.sys
[2006/01/09 21:53:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/13 20:38:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\ZDPLUSSEARCH.INI
[2005/11/04 22:33:00 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/10/21 21:17:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/09/03 07:57:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2005/09/01 22:06:36 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6y.DLL
[2005/09/01 21:57:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2005/09/01 21:57:37 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2005/09/01 21:57:31 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2005/09/01 21:56:29 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2005/09/01 21:55:08 | 000,000,866 | ---- | C] () -- C:\WINDOWS\System32\xscan32.dat
[2005/09/01 21:52:51 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[2005/09/01 21:52:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\CNCFMS60.EXE
[2005/08/23 19:27:01 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2005/08/05 12:14:37 | 000,049,637 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2005/08/05 12:14:37 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2005/08/05 12:14:37 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2005/08/05 12:14:37 | 000,015,652 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2005/08/05 12:14:37 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2005/08/05 12:14:37 | 000,011,413 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2005/08/05 12:14:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2005/08/05 12:14:37 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2005/08/05 12:14:37 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2005/08/05 12:14:37 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2005/08/05 12:14:37 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2005/08/05 12:14:37 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2005/08/05 12:14:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2005/08/05 12:14:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/08/04 21:17:57 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/08/04 21:11:15 | 000,000,204 | ---- | C] () -- C:\WINDOWS\EPSONCX6400.ini
[2005/07/02 22:15:40 | 000,053,248 | R--- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2005/01/13 19:06:20 | 000,002,662 | ---- | C] () -- C:\WINDOWS\TVC8XDrv.ini
[2004/12/01 20:29:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/09/16 22:00:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
[2004/09/03 11:17:45 | 000,000,057 | ---- | C] () -- C:\WINDOWS\PestPatrol.ini
[2004/06/29 21:24:06 | 000,000,036 | ---- | C] () -- C:\WINDOWS\NpIpx32.ini
[2004/05/29 14:18:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2004/05/29 14:17:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdf2word.DAT
[2004/05/18 21:06:29 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2004/05/14 21:15:03 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/05/14 21:00:36 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/05/14 20:59:41 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2004/05/01 20:06:59 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Hpp.INI
[2004/05/01 20:01:57 | 000,000,058 | ---- | C] () -- C:\WINDOWS\ph401.dll
[2004/04/17 21:12:01 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2004/01/31 12:06:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\bewin32.INI
[2004/01/23 18:40:36 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/01/07 19:25:34 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2004/01/07 19:17:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/01/02 09:52:26 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2003/12/29 08:41:24 | 000,001,354 | ---- | C] () -- C:\WINDOWS\Klslnk4.ini
[2003/12/28 18:09:17 | 000,000,471 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/12/27 16:35:12 | 000,000,020 | ---- | C] () -- C:\WINDOWS\calera.ini
[2003/12/24 17:47:54 | 000,016,649 | ---- | C] () -- C:\WINDOWS\ePrompter.ini
[2003/12/20 21:05:43 | 000,008,773 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003/12/14 19:48:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\wnUninstall.exe
[2003/11/28 15:44:42 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/11/15 21:48:55 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2003/11/15 21:48:06 | 001,680,896 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
[2003/11/15 21:48:06 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/11/15 21:48:06 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2003/10/13 17:52:45 | 000,045,749 | ---- | C] () -- C:\WINDOWS\System32\Common.dll
[2003/10/11 13:09:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2003/10/11 10:40:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2003/10/11 10:40:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2003/10/11 10:27:35 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2003/10/10 19:47:01 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2003/10/05 21:17:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/09/29 20:53:19 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2003/09/27 11:50:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2003/09/27 11:50:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2003/09/27 11:50:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2003/09/27 11:50:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2003/09/27 11:50:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2003/09/27 11:50:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2003/09/25 19:38:57 | 000,062,080 | ---- | C] () -- C:\WINDOWS\iun1400.exe
[2003/09/25 19:38:57 | 000,038,366 | ---- | C] () -- C:\WINDOWS\vbodbca.dll
[2003/09/25 19:38:57 | 000,020,880 | ---- | C] () -- C:\WINDOWS\vbprint.dll
[2003/09/24 21:57:31 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/23 17:28:56 | 000,002,496 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2003/09/20 10:09:31 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\BGData.bin
[2003/09/17 20:56:17 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\PFP100JPR.{PB
[2003/09/17 20:56:17 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\PFP100JCM.{PB
[2003/09/17 20:25:04 | 000,000,850 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/17 19:54:52 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003/09/16 21:24:08 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/09/16 21:18:44 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/09/16 21:17:20 | 000,018,824 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/09/14 18:03:09 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\TrueSoft.dat
[2003/09/14 18:03:07 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\pthsp.dat
[2003/09/13 20:17:17 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2003/09/13 15:47:32 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/09/13 14:30:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/09/13 14:26:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/09/13 09:14:03 | 000,004,324 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/13 09:13:15 | 000,340,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,444,612 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,072,508 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/04/11 11:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1999/07/05 05:00:00 | 000,074,261 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[1999/03/09 19:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1999/02/24 13:52:48 | 000,042,496 | ---- | C] () -- C:\WINDOWS\SVUNINST.EXE
[1998/04/26 19:23:00 | 006,150,961 | ---- | C] () -- C:\WINDOWS\System32\jre116.exe
[1998/04/16 12:31:14 | 000,020,992 | ---- | C] () -- C:\WINDOWS\PICUNINS.DLL
[1998/01/13 07:52:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/13 19:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997/02/01 19:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
[1997/02/01 19:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
[1996/07/08 19:23:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
[1995/07/31 21:15:18 | 000,000,057 | ---- | C] () -- C:\WINDOWS\FAX.INI
[1994/07/24 20:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/06 19:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/07/23 11:31:13 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/07/23 11:31:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/07/23 11:31:09 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/07/23 11:31:08 | 000,265,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2005/11/21 18:39:43 | 000,000,000 | ---D | M] -- C:\Program Files\321Studios
[2010/04/03 14:44:13 | 000,000,000 | ---D | M] -- C:\Program Files\5DFly
[2006/11/02 21:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems
[2007/09/16 18:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2010/12/05 18:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2004/12/26 17:14:05 | 000,000,000 | ---D | M] -- C:\Program Files\Aiada32
[2003/09/13 20:29:29 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2007/04/10 18:02:21 | 000,000,000 | ---D | M] -- C:\Program Files\AnyReader
[2007/01/01 12:45:33 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2009/01/27 15:16:29 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/12/01 11:58:26 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2004/03/22 20:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\ARen
[2009/03/01 22:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2007/08/15 20:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\Avanquest update
[2011/03/18 12:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2004/12/15 13:27:06 | 000,000,000 | ---D | M] -- C:\Program Files\BookType
[2004/02/16 09:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\Broadband Wizard
[2011/08/12 20:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\Buyertools Reminder
[2003/09/25 20:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\Calendar
[2005/11/17 21:20:44 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2004/05/18 17:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Card 2000
[2003/12/29 08:41:28 | 000,000,000 | ---D | M] -- C:\Program Files\CasioFA-B30
[2011/05/01 17:58:03 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2003/10/06 20:26:32 | 000,000,000 | ---D | M] -- C:\Program Files\CD Doctor
[2009/03/10 17:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\CDEdit 1.14
[2006/05/06 10:51:56 | 000,000,000 | ---D | M] -- C:\Program Files\CheckIt
[2005/07/18 19:10:38 | 000,000,000 | ---D | M] -- C:\Program Files\Click'N Design 3D (V5)
[2005/08/12 22:04:41 | 000,000,000 | ---D | M] -- C:\Program Files\Click'N Design 3D AfterBurner
[2011/08/16 17:27:59 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2003/09/13 14:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2003/09/17 20:49:35 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2008/01/07 19:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\CPUZ
[2005/01/13 19:14:19 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2003/09/25 19:21:19 | 000,000,000 | ---D | M] -- C:\Program Files\DAMN NFO Viewer
[2008/05/08 19:12:55 | 000,000,000 | ---D | M] -- C:\Program Files\Day2
[2009/11/16 22:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2004/12/01 23:03:56 | 000,000,000 | ---D | M] -- C:\Program Files\DirPrn
[2006/11/08 23:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\Diskeeper Corporation
[2005/11/17 21:03:52 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2006/02/13 21:07:12 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Identifier
[2004/12/29 08:34:22 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2004/12/01 20:22:12 | 000,000,000 | ---D | M] -- C:\Program Files\Easy Financial Calculator
[2011/08/17 08:52:11 | 000,000,000 | ---D | M] -- C:\Program Files\ePrompter
[2007/11/23 19:57:17 | 000,000,000 | ---D | M] -- C:\Program Files\EVEREST Ultimate Edition
[2011/08/16 20:02:41 | 000,000,000 | ---D | M] -- C:\Program Files\Everything
[2005/05/21 08:30:14 | 000,000,000 | ---D | M] -- C:\Program Files\febooti fileTweak
[2003/09/25 19:08:01 | 000,000,000 | ---D | M] -- C:\Program Files\Financial Calculator
[2004/06/17 21:06:54 | 000,000,000 | ---D | M] -- C:\Program Files\FireTrust
[2011/08/12 20:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\FolderMatch
[2005/05/29 15:23:42 | 000,000,000 | ---D | M] -- C:\Program Files\Fujifilm e-Systems
[2003/10/12 21:23:36 | 000,000,000 | ---D | M] -- C:\Program Files\Get IP
[2011/08/12 19:31:41 | 000,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
[2003/09/21 16:53:30 | 000,000,000 | ---D | M] -- C:\Program Files\GlobalSCAPE
[2010/04/04 15:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2004/05/02 20:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\GraphPaper
[2011/04/25 17:45:16 | 000,000,000 | ---D | M] -- C:\Program Files\HDD Regenerator
[2004/05/01 20:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\Home Plan Software
[2006/12/06 18:39:45 | 000,000,000 | ---D | M] -- C:\Program Files\IndigoWind
[2011/01/27 21:01:26 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2003/09/13 14:54:28 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/07/23 15:21:33 | 000,000,000 | ---D | M] -- C:\Program Files\Interest Calculator
[2009/01/28 07:57:39 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2005/01/15 00:21:34 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2003/12/22 18:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2003/09/21 20:26:15 | 000,000,000 | ---D | M] -- C:\Program Files\Investors Toolbox v3.5
[2010/11/22 18:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\iolo
[2010/12/07 18:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\IsoBuster
[2009/04/14 11:45:38 | 000,000,000 | ---D | M] -- C:\Program Files\ItsDeductible2005
[2006/12/24 14:41:24 | 000,000,000 | ---D | M] -- C:\Program Files\ItsDeductible2006
[2006/10/05 20:19:18 | 000,000,000 | ---D | M] -- C:\Program Files\ItsDeductibleEX
[2007/05/13 16:56:22 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2004/05/18 17:33:40 | 000,000,000 | ---D | M] -- C:\Program Files\Java Web Start
[2004/03/28 22:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\Karen's Replicator
[2011/07/24 14:35:46 | 000,000,000 | ---D | M] -- C:\Program Files\Kaspersky Lab
[2011/05/14 10:01:10 | 000,000,000 | ---D | M] -- C:\Program Files\Keep Me Posted
[2004/09/22 17:16:31 | 000,000,000 | ---D | M] -- C:\Program Files\KeyWallet
[2006/02/15 18:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\KProbe
[2009/07/03 21:46:54 | 000,000,000 | ---D | M] -- C:\Program Files\Lame for Audacity
[2005/06/09 21:31:59 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2011/08/12 20:32:47 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn
[2004/03/13 08:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\Magnus Brading
[2009/11/16 22:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\MarkAny
[2009/03/21 06:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Matrox Graphics Inc
[2004/06/05 19:35:06 | 000,000,000 | ---D | M] -- C:\Program Files\Merriam-Webster
[2008/05/14 18:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2003/09/17 20:24:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2005/07/02 13:28:28 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2004/01/17 12:19:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Hardware
[2004/01/17 12:18:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint 4.12
[2004/01/15 19:15:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint 5.0
[2006/10/26 17:45:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Location Finder
[2011/01/29 12:54:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/10/26 17:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Streets & Trips
[2003/09/14 21:55:14 | 000,000,000 | ---D | M] -- C:\Program Files\Motherboard Monitor 5
[2007/08/22 18:12:13 | 000,000,000 | ---D | M] -- C:\Program Files\Motorola Phone Tools
[2010/08/14 09:39:47 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/08/17 08:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/08/17 07:13:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2009/01/28 08:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2003/09/13 14:26:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2003/09/13 14:26:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/18 12:24:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2004/05/18 17:33:41 | 000,000,000 | ---D | M] -- C:\Program Files\MyWANiP
[2005/12/22 19:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/05/14 17:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/09/01 21:57:07 | 000,000,000 | ---D | M] -- C:\Program Files\NewSoft
[2008/05/02 14:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\Norton SystemWorks
[2009/02/14 09:57:28 | 000,000,000 | ---D | M] -- C:\Program Files\NovaStor
[2010/12/13 20:32:18 | 000,000,000 | ---D | M] -- C:\Program Files\Nuance
[2003/09/13 14:27:41 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/01/27 18:28:17 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2004/09/22 22:00:09 | 000,000,000 | ---D | M] -- C:\Program Files\Password Tracker Deluxe
[2009/11/16 22:50:49 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2004/12/01 20:22:12 | 000,000,000 | ---D | M] -- C:\Program Files\PDF2Word v1.3
[2007/02/08 18:18:11 | 000,000,000 | ---D | M] -- C:\Program Files\Pegasys Inc
[2004/12/01 20:22:13 | 000,000,000 | ---D | M] -- C:\Program Files\PerformanceTest
[2010/12/13 20:20:45 | 000,000,000 | ---D | M] -- C:\Program Files\PestPatrol
[2010/01/03 20:28:10 | 000,000,000 | ---D | M] -- C:\Program Files\PFConfig
[2003/10/13 21:21:23 | 000,000,000 | ---D | M] -- C:\Program Files\Pinnacle
[2011/08/12 18:32:18 | 000,000,000 | ---D | M] -- C:\Program Files\Pointstone
[2010/01/02 10:23:51 | 000,000,000 | ---D | M] -- C:\Program Files\Port Forwarding Wizard
[2003/12/29 12:03:08 | 000,000,000 | ---D | M] -- C:\Program Files\Prime95
[2003/12/23 21:19:31 | 000,000,000 | ---D | M] -- C:\Program Files\PrintKey2000
[2007/02/05 20:02:02 | 000,000,000 | ---D | M] -- C:\Program Files\Quick View Plus
[2006/01/21 11:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken Legal Products
[2009/01/23 20:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken WillMaker Plus 2009
[2010/12/08 07:33:45 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/08/12 20:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\QuoteTracker
[2011/08/12 20:32:48 | 000,000,000 | ---D | M] -- C:\Program Files\Readiris Pro 11 Corporate Edition
[2009/01/28 08:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/11/04 17:36:48 | 000,000,000 | ---D | M] -- C:\Program Files\RegClean
[2006/10/22 08:58:24 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2011/07/25 06:21:38 | 000,000,000 | ---D | M] -- C:\Program Files\Reminder
[2008/06/05 19:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\River Past
[2009/11/16 22:51:13 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung

========== Alternate Data Streams ==========

@Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0574215C
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 1153 bytes -> C:\Documents and Settings\Steve\My Documents\Philadelphia Marriott Downtown Reservation Confirmation #85564409.eml:OECustomProperty

< End of report >

sblake

Newbie Surfer

Posts : 7
Joined : 2011-08-17
Operating System : XP


Re: ADS (Alternate Data Streams) Removal

Post by Sneakyone on Thu 18 Aug 2011, 9:10 am

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: ADS (Alternate Data Streams) Removal

Post by sblake on Thu 18 Aug 2011, 10:26 am

Contents of ComboFix.txt:

ComboFix 11-08-17.03 - Steve 08/17/2011 17:48:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.468 [GMT -5:00]
Running from: C:\Documents and Settings\Steve\desktop\commy.exe
Command switches used :: /stepdel
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}


Re: ADS (Alternate Data Streams) Removal

Post by Sneakyone on Fri 19 Aug 2011, 2:46 pm

Hi,

Your log is cut off. Please re-run ComboFix or post the entire ComboFix.txt.



Re: ADS (Alternate Data Streams) Removal

Post by sblake on Sun 21 Aug 2011, 1:32 am

I am unable to get the ComboFix to make a complete log. After it finishes and it says it is going to reboot, I get a BSOD. The error says "BAD_POOL_HEADER". I have tried this several times and the result is the same. I have this same problem when I run the program GMER in an attempt to remove the ADS.


Re: ADS (Alternate Data Streams) Removal

Post by DragonMaster Jay on Sun 21 Aug 2011, 4:32 am

Scan for malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


~DMJ
GeekPolice Academy Manager


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Re: ADS (Alternate Data Streams) Removal

Post by sblake on Sun 21 Aug 2011, 5:37 am

Malwarebytes' Anti-Malware 1.51.1.1800

Database version: 7507

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/20/2011 1:30:09 PM
mbam-log-2011-08-20 (13-30-09).txt

Scan type: Quick scan
Objects scanned: 187966
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: ADS (Alternate Data Streams) Removal

Post by DragonMaster Jay on Mon 22 Aug 2011, 4:54 am

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: ADS (Alternate Data Streams) Removal

Post by sblake on Mon 22 Aug 2011, 7:16 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=999f8b8d43becc48ad97ef8b5b390b49
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-21 08:10:07
# local_time=2011-08-21 03:10:07 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 329950 329950 0 0
# compatibility_mode=1280 16777191 100 0 2327747 2327747 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=122591
# found=19
# cleaned=19
# scan_time=7117
C:\Downloads\ACDSee 6.0 PowerPack KeyGen.exe probably a variant of Win32/Agent.FQGCNIN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Downloads\WinRAR 4.01 Final\Unrarred\FFF\Keygen.exe a variant of Win32/Keygen.AI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F6A9C1A6-FE1A-459E-842A-5A2307AD0EE8}\RP16\A0009127.rbf probably a variant of Win32/Agent.LVFALAZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F6A9C1A6-FE1A-459E-842A-5A2307AD0EE8}\RP17\A0009366.rbf a variant of Win32/Kryptik.FNT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F6A9C1A6-FE1A-459E-842A-5A2307AD0EE8}\RP18\A0014861.exe probably a variant of Win32/Agent.FQGCNIN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F6A9C1A6-FE1A-459E-842A-5A2307AD0EE8}\RP18\A0014862.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F6A9C1A6-FE1A-459E-842A-5A2307AD0EE8}\RP18\A0014863.exe a variant of Win32/Keygen.AI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Downloads\ACDSee Photo Manager v10.0.219\ACDSee10_Keygen.exe a variant of Win32/Keygen.AG application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Downloads\Adobe.CS3.Web.Premium.Keymaker.Only-ZWT\Keygen.exe a variant of Win32/Keygen.AH application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Downloads\Corel Draw X5 with Keygen\Keygen.exe a variant of Win32/Keygen.AF application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Downloads\Office 2010 Activation and Conversion Kit 1.3\O2ACK1.3.exe probably a variant of Win32/Agent.DMNPCPA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Downloads\Office 2010 Activation and Conversion Kit 1.3\Resources\KMSAct\KMSAct.exe Win32/HackKMS.A application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Downloads\Office 2010 Activation and Conversion Kit 1.3\Resources\KMSKG\Keygen.exe Win32/HackKMS.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Downloads\Webroot.Spy.Sweeper.v5.3.1.2344.Plus.Keygen-BLiZZARD\keygen.exe a variant of Win32/Keygen.AD application (deleted - quarantined) 00000000000000000000000000000000 C
D:\Downloads\WinRAR 4.00 Final\Unrarred\FFF\Keygen.exe a variant of Win32/Keygen.AI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Downloads\WinRAR 4.01 Final\Unrarred\FFF\Keygen.exe a variant of Win32/Keygen.AI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\OldDownloads\ACDSee 6.0 PowerPack KeyGen.exe probably a variant of Win32/Agent.FQGCNIN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\OldDownloads\FlashDrive\EVEREST Ultimate Edition 4.00.976\Keygen\Everest [Keyegn].exe probably a variant of Win32/Agent.HLKGIJY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: ADS (Alternate Data Streams) Removal

Post by DragonMaster Jay on Tue 23 Aug 2011, 7:37 am

Please download CKScanner by askey127 from here

Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Re: ADS (Alternate Data Streams) Removal

Post by sblake on Tue 30 Aug 2011, 6:02 am

I kept getting blue screens and then it finally crashed. I had to put in a new hard drive and restore from an old image. Thanks for everyone's help.

