
Author Topic: Please help, being hijacked while web surfing...  (Read 31462 times)


jwfilion


    Please help, being hijacked while web surfing...
    « on: October 01, 2010, 04:51:14 PM »
    Could someone please help me with this irritating problem. I believed it was the Google search redirect virus. I did a search on it, but it does not seem to be the exact same thing. Every fourth or fifth web page I go to gets redirected to a different page, but there are no porn or ad sites, just the following custom search engine:

    http://img.villagephotos.com/p/2006-8/1209601/Googled.jpg

    It started a few weeks ago and I have tried every conceivable thing I could think of to get rid of it, even the self-help section, but to no avail. The address is always the following: www.landing.savetubevideo.com, and it is interesting in that a few weeks before, I downloaded the program "SaveTubeVideo" to save YouTube videos to my desktop. No sooner had I done so than a good friend suggested another called "KeepVid". I tried it, liked it and erased the first from my computer, or so it seemed.

    I have done all the steps your site has suggested and have the logs available, should anyone ask for them. Any response will be greatly appreciated.


    Mind Computer Products
    Intel Celeron 1.80GHz
    2 GB Ram
    WinXP Home / SP2
    Mainboard ECS P4VMM2
    S3 Graphics ProSavageDDR
    Vinyl AC'97 Audio
    Mozilla Firefox
    AVG Free,
    PC Tools Firewall Plus, Spybot,
    StopZilla, Ad-aware, SUPERAntiSpyware,
    CCleaner, HijackThis, Malwarebytes' Anti-Malware,
    Hitman Pro, SpywareBlaster

    harry 48



    Re: Please help, being hijacked while web surfing...
    « Reply #1 on: October 02, 2010, 12:31:25 PM »
    You must post all 3 logs to get help from an expert.

    Azzaboi



    Re: Please help, being hijacked while web surfing...
    « Reply #2 on: October 02, 2010, 01:39:49 PM »
    I'm not an expert so please ignore acting on the following (as I'm not allowed to help you in this topic)...

    ADVICE DELETED BY ALLAN


    Follow the 'experts' advice in order to remove.
    « Last Edit: October 02, 2010, 01:50:39 PM by Allan »

    Allan

    Re: Please help, being hijacked while web surfing...
    « Reply #3 on: October 02, 2010, 01:43:10 PM »
    You are not permitted to provide advice in this thread and you know it. Warning sent.

    Azzaboi



    Re: Please help, being hijacked while web surfing...
    « Reply #4 on: October 02, 2010, 01:49:33 PM »
    Whatever - I wasn't providing advice on how to remove it and clearly said to wait for an expert to help you remove it, which is not breaking the rules. If I'm not even allowed to say what it is, why do you guys even allow access here? Block it... then maybe no one will provide any help.

    jwfilion


      Re: Please help, being hijacked while web surfing...
      « Reply #5 on: October 02, 2010, 07:23:42 PM »
      Sorry, I had assumed that I needed permission to post the logs. I shall do so now...


      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 09/27/2010 at 04:14 AM

      Application Version : 4.43.1000

      Core Rules Database Version : 5583
      Trace Rules Database Version: 3395

      Scan type       : Complete Scan
      Total Scan Time : 02:25:16

      Memory items scanned      : 501
      Memory threats detected   : 0
      Registry items scanned    : 6305
      Registry threats detected : 0
      File items scanned        : 108058
      File threats detected     : 19

      Adware.Tracking Cookie
         .statcounter.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         sales.liveperson.net [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .liveperson.net [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .liveperson.net [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         sales.liveperson.net [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         *Blocked Russian URL* [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         *Blocked Russian URL* [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .bs.serving-sys.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .stopzilla.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .stopzilla.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         .stopzilla.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]
         www.stopzilla.com [ C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\cookies.txt ]



      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4699

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.11

      9/29/2010 3:23:41 AM
      mbam-log-2010-09-29 (03-23-41).txt

      Scan type: Quick scan
      Objects scanned: 1
      Time elapsed: 8 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 9:00:05 PM, on 9/30/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.17080)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\AVG\AVG9\avgchsvx.exe
      C:\Program Files\AVG\AVG9\avgrsx.exe
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\AVG\AVG9\avgwdsvc.exe
      C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\PC Tools Firewall Plus\FWService.exe
      C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\KMaestro\KMaestro.exe
      C:\WINDOWS\essspk.exe
      C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
      C:\PROGRA~1\AVG\AVG9\avgtray.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
      C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Common Files\Sonic Shared\CineTray.exe
      C:\Program Files\AVG\AVG9\avgemc.exe
      C:\Program Files\AVG\AVG9\avgnsx.exe
      C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\Program Files\STOPzilla!\STOPzilla.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R3 - Default URLSearchHook is missing
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\MTSACC~1\PRPL_I~1.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
      O4 - HKLM\..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe
      O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
      O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
      O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
      O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
      O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
      O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
      O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
      O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
      O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
      O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
      O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

      --
      End of file - 7071 bytes
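      A small triage helper for logs in the HijackThis v2 format posted above, added here as an example and not something from this thread or from Trend Micro: it parses the R/O lines and flags the entries a reviewer checks first (the missing default URLSearchHook, BHOs on 8.3 short paths, Run entries that name a bare file with no directory). The sample log is constructed from a few of the lines above; the flags are prompts to verify on disk, not verdicts.

```python
"""Triage helper for HijackThis v2 log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\MTSACC~1\PRPL_I~1.DLL
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
"""

# Every HijackThis finding starts with a section code (R0..R3, O1..O24) and " - ".
LINE_RE = re.compile(r"^(?P<section>R\d|O\d{1,2}) - (?P<body>.+)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) \((?P<short>[^)]+)\) - (?P<vendor>.*?) - (?P<path>.+)$")


@dataclass
class Entry:
    section: str
    body: str
    fields: dict = field(default_factory=dict)  # parsed sub-fields, where the section has a known layout


@dataclass
class Finding:
    section: str
    reason: str
    entry: str


def parse_hjt(text):
    """Return one Entry per R/O line; process lists, headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("section"), m.group("body")
        detail = {"O2": O2_RE, "O4": O4_RE, "O23": O23_RE}.get(sec)
        d = detail.match(body) if detail else None
        entries.append(Entry(sec, body, d.groupdict() if d else {}))
    return entries


def _executable_of(cmd):
    """Strip quoting and arguments from an O4 command: '"C:\\x\\y.exe" -s' -> 'C:\\x\\y.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(entries):
    """Flag the entries a reviewer should resolve on disk before deciding anything."""
    findings = []
    for e in entries:
        if e.section == "R3" and "URLSearchHook is missing" in e.body:
            findings.append(Finding("R3", "default URLSearchHook missing; check against the redirect symptom", e.body))
        elif e.section == "O2" and e.fields and "~" in e.fields["path"]:
            # 8.3 short names hide the real directory name; resolve it before judging the BHO.
            findings.append(Finding("O2", "BHO loaded from an 8.3 short path; resolve the real directory", e.body))
        elif e.section == "O4" and e.fields:
            exe = _executable_of(e.fields["cmd"])
            if "\\" not in exe:
                # A bare filename is found via the search path, so the log alone does not say where it lives.
                findings.append(Finding("O4", f"Run entry [{e.fields['label']}] names a bare file ({exe}); locate it on disk", e.body))
        elif e.section == "O23" and e.fields and e.fields["vendor"].lower() == "unknown owner":
            findings.append(Finding("O23", "service with no recorded vendor", e.body))
    return findings


def triage_sample():
    return triage(parse_hjt(SAMPLE_LOG))


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.section}: {f.reason}\n    {f.entry}")
```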



      harry 48



      Re: Please help, being hijacked while web surfing...
      « Reply #6 on: October 03, 2010, 08:38:36 AM »
      jwfilion, that's fine. Now a malware expert will help you; do not take advice from anyone else.

      SuperDave

      Re: Please help, being hijacked while web surfing...
      « Reply #7 on: October 03, 2010, 12:13:44 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ***************************************

      Please download ComboFix from BleepingComputer.com

      Alternate link: GeeksToGo.com

      Rename ComboFix.exe to commy.exe before you save it to your Desktop.
      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
      Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

      If you have problems with ComboFix usage, see How to use ComboFix


      jwfilion


        Re: Please help, being hijacked while web surfing...
        « Reply #8 on: October 03, 2010, 04:58:32 PM »
        Mayday! Mayday! SuperDave, I did as required in the preceding post, but ComboFix doesn't do anything other than tell me I have the wrong OS?! I have XP Home SP3. Below is the error message.

        http://img.villagephotos.com/p/2006-8/1209601/Error.jpg

        It appears that I may have bigger problems than an errant browser.

        SuperDave

        Re: Please help, being hijacked while web surfing...
        « Reply #9 on: October 03, 2010, 07:35:25 PM »
        Ok. It could be the infection blocking ComboFix. Let's try this.

        Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

        Navigate to Start --> Run, and enter the following command exactly as shown:

        "%userprofile%\desktop\blackpudding.bat" /killall

        See if ComboFix will run now.

        jwfilion


          Re: Please help, being hijacked while web surfing...
          « Reply #10 on: October 03, 2010, 11:25:09 PM »
          Thanks SuperDave, that got it running. Below is the log.


          ComboFix 10-10-02.02 - Wayne 10/03/2010  23:40:56.1.1 - x86
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2031.1366 [GMT -5:00]
          Running from: C:\Documents and Settings\Wayne\desktop\blackpudding.bat
          Command switches used :: /killall
          AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
          FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\V2T10.tmp
          C:\V2TB.tmp
          C:\V2TD.tmp
          C:\WINDOWS\a3kebook.ini
          C:\WINDOWS\akebook.ini
          C:\WINDOWS\ANS2000.INI
          C:\WINDOWS\system32\_005128_.tmp.dll
          C:\WINDOWS\system32\_005129_.tmp.dll
          C:\WINDOWS\system32\_005130_.tmp.dll
          C:\WINDOWS\system32\_005131_.tmp.dll
          C:\WINDOWS\system32\_005136_.tmp.dll
          C:\WINDOWS\system32\_005137_.tmp.dll
          C:\WINDOWS\system32\_005138_.tmp.dll
          C:\WINDOWS\system32\_005139_.tmp.dll
          C:\WINDOWS\system32\_005140_.tmp.dll
          C:\WINDOWS\system32\_005141_.tmp.dll
          C:\WINDOWS\system32\_005142_.tmp.dll
          C:\WINDOWS\system32\_005143_.tmp.dll
          C:\WINDOWS\system32\_005144_.tmp.dll
          C:\WINDOWS\system32\_005146_.tmp.dll
          C:\WINDOWS\system32\_005147_.tmp.dll
          C:\WINDOWS\system32\_005149_.tmp.dll
          C:\WINDOWS\system32\_005150_.tmp.dll
          C:\WINDOWS\system32\_005151_.tmp.dll
          C:\WINDOWS\system32\_005153_.tmp.dll
          C:\WINDOWS\system32\_005156_.tmp.dll
          C:\WINDOWS\system32\_005157_.tmp.dll
          C:\WINDOWS\system32\_005159_.tmp.dll
          C:\WINDOWS\system32\_005160_.tmp.dll
          C:\WINDOWS\system32\_005161_.tmp.dll
          C:\WINDOWS\system32\_005162_.tmp.dll
          C:\WINDOWS\system32\_005163_.tmp.dll
          C:\WINDOWS\system32\_005164_.tmp.dll
          C:\WINDOWS\system32\_005166_.tmp.dll
          C:\WINDOWS\system32\_005167_.tmp.dll
          C:\WINDOWS\system32\_005168_.tmp.dll
          C:\WINDOWS\system32\_005169_.tmp.dll
          C:\WINDOWS\system32\_005170_.tmp.dll
          C:\WINDOWS\system32\_005171_.tmp.dll
          C:\WINDOWS\system32\_005172_.tmp.dll
          C:\WINDOWS\system32\_005173_.tmp.dll
          C:\WINDOWS\system32\_005175_.tmp.dll
          C:\WINDOWS\system32\_005176_.tmp.dll
          C:\WINDOWS\system32\_005177_.tmp.dll
          C:\WINDOWS\system32\_005178_.tmp.dll
          C:\WINDOWS\system32\_005179_.tmp.dll
          C:\WINDOWS\system32\_005181_.tmp.dll
          C:\WINDOWS\system32\_005182_.tmp.dll
          C:\WINDOWS\system32\_005184_.tmp.dll
          C:\WINDOWS\system32\_005185_.tmp.dll
          C:\WINDOWS\system32\_005186_.tmp.dll
          C:\WINDOWS\system32\_005187_.tmp.dll
          C:\WINDOWS\system32\_005188_.tmp.dll
          C:\WINDOWS\system32\_005189_.tmp.dll
          C:\WINDOWS\system32\_005191_.tmp.dll
          C:\WINDOWS\system32\_005194_.tmp.dll
          C:\WINDOWS\system32\_005195_.tmp.dll
          C:\WINDOWS\system32\_005199_.tmp.dll
          C:\WINDOWS\system32\_005200_.tmp.dll
          C:\WINDOWS\system32\_005202_.tmp.dll
          C:\WINDOWS\system32\_005205_.tmp.dll
          C:\WINDOWS\system32\_005206_.tmp.dll
          C:\WINDOWS\system32\_005207_.tmp.dll
          C:\WINDOWS\system32\_005208_.tmp.dll
          C:\WINDOWS\system32\_005209_.tmp.dll
          C:\WINDOWS\system32\_005210_.tmp.dll
          C:\WINDOWS\system32\_005213_.tmp.dll
          C:\WINDOWS\system32\_005214_.tmp.dll
          C:\WINDOWS\system32\_005215_.tmp.dll
          C:\WINDOWS\system32\_005216_.tmp.dll
          C:\WINDOWS\system32\_005217_.tmp.dll
          C:\WINDOWS\system32\_005222_.tmp.dll
          C:\WINDOWS\system32\_005224_.tmp.dll
          C:\WINDOWS\system32\_005225_.tmp.dll
          C:\WINDOWS\system32\ReadMe.txt
          C:\WINDOWS\system32\spool\prtprocs\w32x86\Ppbiproc.dll

          .
          (((((((((((((((((((((((((   Files Created from 2010-09-04 to 2010-10-04  )))))))))))))))))))))))))))))))
          .

          2010-09-29 19:13:05 . 2010-10-04 02:57:44   --------   d-----w-   C:\Program Files\Mozilla Thunderbird
          2010-09-26 20:50:41 . 2010-09-26 20:51:39   --------   d-----w-   C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
          2010-09-26 20:46:02 . 2009-11-23 18:54:20   88040   ----a-w-   C:\WINDOWS\system32\drivers\PCTAppEvent.sys
          2010-09-26 20:46:02 . 2009-11-09 16:20:12   207792   ----a-w-   C:\WINDOWS\system32\drivers\PCTCore.sys
          2010-09-26 20:45:54 . 2010-01-07 17:40:26   233136   ----a-w-   C:\WINDOWS\system32\drivers\pctgntdi.sys
          2010-09-26 20:44:31 . 2010-09-26 20:46:02   --------   d-----w-   C:\Program Files\Common Files\PC Tools
          2010-09-26 20:44:31 . 2010-01-12 14:34:14   70664   ----a-w-   C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
          2010-09-26 20:44:31 . 2010-01-07 16:35:06   58816   ----a-w-   C:\WINDOWS\system32\drivers\pctNdis.sys
          2010-09-26 20:44:31 . 2010-01-07 16:35:02   32680   ----a-w-   C:\WINDOWS\system32\drivers\pctNdis-DNS.sys
          2010-09-26 20:44:28 . 2010-01-13 13:59:28   115216   ----a-w-   C:\WINDOWS\system32\drivers\pctplfw.sys
          2010-09-26 20:44:25 . 2010-09-28 03:24:55   --------   d-----w-   C:\Program Files\PC Tools Firewall Plus
          2010-09-26 09:53:45 . 2010-09-26 09:54:04   --------   d-----w-   C:\Program Files\CCleaner
          2010-09-26 01:14:05 . 2010-09-25 19:55:24   1129120   ----a-w-   C:\Documents and Settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
          2010-09-25 15:43:30 . 2010-09-25 15:43:31   262144   ----a-w-   C:\Documents and Settings\ntuser.dat
          2010-09-25 15:42:24 . 2010-09-25 15:42:27   --------   d-----w-   C:\Program Files\STOPzilla!
          2010-09-25 15:42:23 . 2010-10-04 05:00:12   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\STOPzilla!
          2010-09-25 15:42:23 . 2010-09-25 15:42:23   --------   d-----w-   C:\Program Files\Common Files\iS3
          2010-09-25 05:00:27 . 2010-09-25 05:00:36   --------   d-----w-   C:\671feffc3b70b88a397bd6f620fbac40
          2010-09-24 16:25:08 . 2010-09-25 19:46:42   --------   d-----w-   C:\Program Files\UnHackMe
          2010-09-24 15:57:40 . 2010-09-24 16:26:37   2   --shatr-   C:\WINDOWS\winstart.bat
          2010-09-24 01:33:42 . 2010-09-24 01:33:42   12872   ----a-w-   C:\WINDOWS\system32\bootdelete.exe
          2010-09-24 01:26:06 . 2010-09-24 23:39:07   16968   ----a-w-   C:\WINDOWS\system32\drivers\hitmanpro35.sys
          2010-09-24 01:23:25 . 2010-09-24 01:33:40   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Hitman Pro
          2010-09-24 01:23:20 . 2010-09-24 01:23:20   --------   d-----w-   C:\Program Files\Hitman Pro 3.5
          2010-09-21 06:28:15 . 2010-09-21 06:28:15   --------   d-----w-   C:\Program Files\ESET
          2010-09-20 23:08:16 . 2010-09-20 23:08:16   546256   ----a-r-   C:\WINDOWS\system32\SZComp5.dll
          2010-09-20 23:08:16 . 2010-09-20 23:08:16   22992   ----a-r-   C:\WINDOWS\system32\SZIO5.dll
          2010-09-20 23:08:16 . 2010-09-20 23:08:16   132560   ----a-r-   C:\WINDOWS\system32\IS3HTUI5.dll
          2010-09-20 23:08:14 . 2010-09-20 23:08:14   99792   ----a-r-   C:\WINDOWS\system32\IS3Svc5.dll
          2010-09-20 23:08:14 . 2010-09-20 23:08:14   67024   ----a-r-   C:\WINDOWS\system32\IS3Hks5.dll
          2010-09-20 23:08:14 . 2010-09-20 23:08:14   452048   ----a-r-   C:\WINDOWS\system32\SZBase5.dll
          2010-09-20 23:08:14 . 2010-09-20 23:08:14   398800   ----a-r-   C:\WINDOWS\system32\IS3DBA5.dll
          2010-09-20 23:08:14 . 2010-09-20 23:08:14   28624   ----a-r-   C:\WINDOWS\system32\IS3XDat5.dll
          2010-09-20 23:08:12 . 2010-09-20 23:08:12   99792   ----a-r-   C:\WINDOWS\system32\IS3Inet5.dll
          2010-09-20 23:08:12 . 2010-09-20 23:08:12   738768   ----a-r-   C:\WINDOWS\system32\IS3Base5.dll
          2010-09-20 23:08:12 . 2010-09-20 23:08:12   390608   ----a-r-   C:\WINDOWS\system32\IS3UI5.dll
          2010-09-20 23:08:12 . 2010-09-20 23:08:12   230864   ----a-r-   C:\WINDOWS\system32\IS3Win325.dll
          2010-09-16 00:51:20 . 2010-09-16 00:51:29   --------   d-----w-   C:\Program Files\WinPcap

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-10-04 05:02:48 . 2010-10-04 05:02:09   728   ----a-w-   C:\WINDOWS\system32\drivers\kgpcpy.cfg
          2010-10-04 05:02:24 . 2010-10-04 05:02:24   80   ----a-w-   C:\WINDOWS\system32\drivers\kgpfr2.cfg
          2010-10-04 05:01:17 . 2009-01-09 03:27:56   --------   d---a-w-   C:\Documents and Settings\All Users\Application Data\TEMP
          2010-10-01 19:35:52 . 2010-05-28 05:29:12   --------   d-----w-   C:\Program Files\MTS Accelerator
          2010-10-01 00:09:49 . 2004-02-18 20:41:08   --------   d-----w-   C:\Program Files\Java
          2010-09-27 06:45:14 . 2008-05-14 07:32:36   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
          2010-09-27 06:34:34 . 2009-10-08 18:48:28   117760   ----a-w-   C:\Documents and Settings\Wayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2010-09-26 10:04:34 . 2010-01-19 07:37:59   --------   d-----w-   C:\Documents and Settings\Wayne\Application Data\Media Player Classic
          2010-09-24 01:33:42 . 2008-09-08 16:33:16   --------   d-----w-   C:\Program Files\ERUNT
          2010-09-22 18:59:32 . 2006-04-12 18:25:43   --------   d-----w-   C:\Documents and Settings\Wayne\Application Data\Thunderbird
          2010-09-22 01:41:43 . 2009-04-23 06:47:44   --------   d-----w-   C:\Program Files\SpywareBlaster
          2010-09-22 01:08:39 . 2002-12-18 08:10:52   --------   d-----w-   C:\Program Files\WinTV
          2010-09-22 01:00:34 . 2004-01-16 01:15:35   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2010-09-21 10:54:08 . 2008-05-21 00:21:17   --------   d-----w-   C:\Program Files\Unlocker
          2010-09-09 18:14:33 . 2008-08-20 17:51:11   --------   d-----w-   C:\Documents and Settings\Wayne\Application Data\gtk-2.0
          2010-09-04 08:34:37 . 2002-12-22 01:36:02   --------   d-----w-   C:\Program Files\AutoCAD R14
          2010-08-21 07:52:55 . 2010-08-21 07:52:55   503808   ----a-w-   C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\msvcp71.dll
          2010-08-21 07:52:55 . 2010-08-21 07:52:55   499712   ----a-w-   C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\jmc.dll
          2010-08-21 07:52:55 . 2010-08-21 07:52:55   348160   ----a-w-   C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\msvcr71.dll
          2010-08-21 07:48:15 . 2010-08-21 07:48:15   61440   ----a-w-   C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6bfce2df-n\decora-sse.dll
          2010-08-21 07:48:15 . 2010-08-21 07:48:15   12800   ----a-w-   C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6bfce2df-n\decora-d3d.dll
          2010-08-19 22:54:30 . 2010-08-19 22:54:23   --------   d-----w-   C:\Program Files\GIMP-2.0
          2010-08-17 13:17:06 . 2001-08-18 12:00:00   58880   ----a-w-   C:\WINDOWS\system32\spoolsv.exe
          2010-08-13 10:12:38 . 2010-07-29 15:43:41   --------   d-----w-   C:\Documents and Settings\Wayne\Application Data\DVD Flick
          2010-07-25 07:10:09 . 2004-02-09 09:49:22   664   ----a-w-   C:\WINDOWS\system32\d3d9caps.dat
          2010-07-24 23:52:58 . 2004-10-08 03:03:21   254632   ----a-w-   C:\Documents and Settings\Wayne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2010-07-24 23:52:34 . 2010-07-24 23:52:34   0   ----a-w-   C:\Documents and Settings\All Users\Application Data\xml52.tmp
          2010-07-24 23:52:34 . 2010-07-24 23:52:34   0   ----a-w-   C:\Documents and Settings\All Users\Application Data\xml51.tmp
          2010-07-24 23:52:34 . 2010-07-24 23:52:15   0   ----a-w-   C:\Documents and Settings\All Users\Application Data\xml50.tmp
          2010-07-24 23:52:34 . 2010-05-31 04:08:29   0   ----a-w-   C:\Documents and Settings\All Users\Application Data\xml16F.tmp
          2010-07-24 23:52:34 . 2010-05-31 04:08:27   0   ----a-w-   C:\Documents and Settings\All Users\Application Data\xml16E.tmp
          2010-07-22 15:49:15 . 2004-04-19 15:30:26   590848   ----a-w-   C:\WINDOWS\system32\rpcrt4.dll
          2010-07-22 05:57:20 . 2009-04-16 04:06:45   5120   ----a-w-   C:\WINDOWS\system32\xpsp4res.dll
          2010-07-19 00:48:01 . 2008-05-28 04:57:40   243024   ----a-w-   C:\WINDOWS\system32\drivers\avgtdix.sys
          2010-07-19 00:47:58 . 2010-07-19 00:47:58   12536   ----a-w-   C:\WINDOWS\system32\avgrsstx.dll
          2010-07-19 00:46:17 . 2008-05-28 04:57:39   216400   ----a-w-   C:\WINDOWS\system32\drivers\avgldx86.sys
          2010-07-17 10:00:04 . 2010-05-23 05:24:54   423656   ----a-w-   C:\WINDOWS\system32\deployJava1.dll
          2010-07-12 18:46:00 . 2010-07-12 18:46:00   552   ----a-w-   C:\WINDOWS\system32\d3d8caps.dat
          2010-07-12 17:04:00 . 2008-09-17 21:14:37   70691   ----a-w-   C:\WINDOWS\pchealth\HELPCTR\OfflineCache\index.dat
          2001-07-07 04:47:50 . 2001-07-07 04:47:50   3149   ----a-w-   C:\Program Files\ReadMe.txt
          2001-07-06 21:59:54 . 2001-07-06 21:59:54   372736   ----a-w-   C:\Program Files\Dragnifier.exe
          2008-12-21 19:43:06 . 2008-09-06 19:16:33   67688   ----a-w-   C:\Program Files\mozilla firefox\components\jar50.dll
          2008-12-21 19:43:06 . 2008-09-06 19:16:33   54368   ----a-w-   C:\Program Files\mozilla firefox\components\jsd3250.dll
          2008-12-21 19:43:06 . 2008-09-06 19:16:33   34944   ----a-w-   C:\Program Files\mozilla firefox\components\myspell.dll
          2008-12-21 19:43:06 . 2008-09-06 19:16:33   46712   ----a-w-   C:\Program Files\mozilla firefox\components\spellchk.dll
          2008-12-21 19:43:07 . 2008-09-06 19:16:33   172136   ----a-w-   C:\Program Files\mozilla firefox\components\xpinstal.dll
          2008-04-14 00:12:01 . 2008-10-01 08:11:52   413696   --sha-w-   C:\WINDOWS\system32\SET284.tmp
          2008-04-14 10:42:02 . 2010-07-12 06:28:01   413696   --sha-w-   C:\WINDOWS\system32\SET45A.tmp
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: Please help, being hijacked while web surfing...
          « Reply #11 on: October 04, 2010, 04:27:02 PM »
          This is not the complete ComboFix file. Please post everything.
          Windows 8 and Windows 10 dual boot with two SSD's

          jwfilion

            Topic Starter


            Intermediate

            Re: Please help, being hijacked while web surfing...
            « Reply #12 on: October 04, 2010, 06:33:55 PM »
            Sorry, but I am a bit confused. This is all there is in the ComboFix.txt file in the "blackpudding" folder. There are other .txt files, but this is the only txt file named ComboFix.txt, all 12.5 kbytes of it. I await your response.

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Please help, being hijacked while web surfing...
            « Reply #13 on: October 05, 2010, 04:24:27 PM »
            Ok. Delete that file, run ComboFix again and see if we can get a complete log. ;D

            jwfilion

              Re: Please help, being hijacked while web surfing...
              « Reply #14 on: October 05, 2010, 11:28:34 PM »
              Hey SuperDave, after a few dozen attempts at running the program, being told that I had the wrong operating system and was not the Administrator (I am!), and stalling at the DOS window, I finally got it to run. Oddly enough, it worked after I renamed the batch file "666". It seemed appropriate. Here is the log...


              ComboFix 10-10-05.01 - Wayne 10/05/2010  23:46:15.2.1 - x86
              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2031.1405 [GMT -5:00]
              Running from: c:\documents and settings\Wayne\Desktop\666.bat
              AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
              FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
              .

              (((((((((((((((((((((((((   Files Created from 2010-09-06 to 2010-10-06  )))))))))))))))))))))))))))))))
              .

              2010-10-06 04:03 . 2010-10-06 04:03   --------   d-----w-   C:\ViewPro
              2010-10-05 18:22 . 2010-10-05 18:22   --------   d-----w-   c:\documents and settings\Wayne\Application Data\Foxit Software
              2010-10-05 08:07 . 2010-10-05 08:07   262144   ----a-w-   c:\documents and settings\ntuser.dat
              2010-10-04 18:15 . 2010-10-04 18:15   4100960   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
              2010-10-04 18:15 . 2010-10-04 18:15   2065760   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
              2010-10-04 18:15 . 2010-10-04 18:15   4394336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
              2010-09-29 19:13 . 2010-10-06 02:35   --------   d-----w-   c:\program files\Mozilla Thunderbird
              2010-09-26 20:50 . 2010-09-26 20:51   --------   d-----w-   c:\documents and settings\Wayne\Application Data\PCToolsFirewallPlus
              2010-09-26 20:46 . 2009-11-23 18:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
              2010-09-26 20:46 . 2009-11-09 16:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
              2010-09-26 20:45 . 2010-01-07 17:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
              2010-09-26 20:44 . 2010-09-26 20:46   --------   d-----w-   c:\program files\Common Files\PC Tools
              2010-09-26 20:44 . 2010-01-12 14:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
              2010-09-26 20:44 . 2010-01-07 16:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
              2010-09-26 20:44 . 2010-01-07 16:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
              2010-09-26 20:44 . 2010-01-13 13:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
              2010-09-26 20:44 . 2010-09-28 03:24   --------   d-----w-   c:\program files\PC Tools Firewall Plus
              2010-09-26 09:53 . 2010-09-26 09:54   --------   d-----w-   c:\program files\CCleaner
              2010-09-26 01:14 . 2010-09-25 19:55   1129120   ----a-w-   c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
              2010-09-25 15:42 . 2010-09-25 15:42   --------   d-----w-   c:\program files\STOPzilla!
              2010-09-25 15:42 . 2010-10-06 04:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
              2010-09-25 15:42 . 2010-09-25 15:42   --------   d-----w-   c:\program files\Common Files\iS3
              2010-09-25 05:00 . 2010-09-25 05:00   --------   d-----w-   C:\671feffc3b70b88a397bd6f620fbac40
              2010-09-24 16:25 . 2010-09-25 19:46   --------   d-----w-   c:\program files\UnHackMe
              2010-09-24 15:57 . 2010-09-24 16:26   2   --shatr-   c:\windows\winstart.bat
              2010-09-24 01:33 . 2010-09-24 01:33   12872   ----a-w-   c:\windows\system32\bootdelete.exe
              2010-09-24 01:26 . 2010-09-24 23:39   16968   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
              2010-09-24 01:23 . 2010-09-24 01:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hitman Pro
              2010-09-24 01:23 . 2010-09-24 01:23   --------   d-----w-   c:\program files\Hitman Pro 3.5
              2010-09-21 06:28 . 2010-09-21 06:28   --------   d-----w-   c:\program files\ESET
              2010-09-20 23:08 . 2010-09-20 23:08   546256   ----a-r-   c:\windows\system32\SZComp5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   22992   ----a-r-   c:\windows\system32\SZIO5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   132560   ----a-r-   c:\windows\system32\IS3HTUI5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   99792   ----a-r-   c:\windows\system32\IS3Svc5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   67024   ----a-r-   c:\windows\system32\IS3Hks5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   452048   ----a-r-   c:\windows\system32\SZBase5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   398800   ----a-r-   c:\windows\system32\IS3DBA5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   28624   ----a-r-   c:\windows\system32\IS3XDat5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   99792   ----a-r-   c:\windows\system32\IS3Inet5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   738768   ----a-r-   c:\windows\system32\IS3Base5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   390608   ----a-r-   c:\windows\system32\IS3UI5.dll
              2010-09-20 23:08 . 2010-09-20 23:08   230864   ----a-r-   c:\windows\system32\IS3Win325.dll
              2010-09-16 00:51 . 2010-09-16 00:51   --------   d-----w-   c:\program files\WinPcap

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2010-10-06 04:56 . 2010-10-06 04:24   3000   ----a-w-   c:\windows\system32\drivers\kgpfr2.cfg
              2010-10-06 04:46 . 2010-10-06 04:21   1680   ----a-w-   c:\windows\system32\drivers\kgpcpy.cfg
              2010-10-06 04:20 . 2009-01-09 03:27   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
              2010-10-01 19:35 . 2010-05-28 05:29   --------   d-----w-   c:\program files\MTS Accelerator
              2010-10-01 00:09 . 2004-02-18 20:41   --------   d-----w-   c:\program files\Java
              2010-09-27 06:45 . 2008-05-14 07:32   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2010-09-27 06:34 . 2009-10-08 18:48   117760   ----a-w-   c:\documents and settings\Wayne\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
              2010-09-26 10:04 . 2010-01-19 07:37   --------   d-----w-   c:\documents and settings\Wayne\Application Data\Media Player Classic
              2010-09-24 01:33 . 2008-09-08 16:33   --------   d-----w-   c:\program files\ERUNT
              2010-09-22 18:59 . 2006-04-12 18:25   --------   d-----w-   c:\documents and settings\Wayne\Application Data\Thunderbird
              2010-09-22 01:41 . 2009-04-23 06:47   --------   d-----w-   c:\program files\SpywareBlaster
              2010-09-22 01:08 . 2002-12-18 08:10   --------   d-----w-   c:\program files\WinTV
              2010-09-22 01:00 . 2004-01-16 01:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
              2010-09-21 10:54 . 2008-05-21 00:21   --------   d-----w-   c:\program files\Unlocker
              2010-09-09 18:14 . 2008-08-20 17:51   --------   d-----w-   c:\documents and settings\Wayne\Application Data\gtk-2.0
              2010-09-04 08:34 . 2002-12-22 01:36   --------   d-----w-   c:\program files\AutoCAD R14
              2010-08-21 07:52 . 2010-08-21 07:52   503808   ----a-w-   c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\msvcp71.dll
              2010-08-21 07:52 . 2010-08-21 07:52   499712   ----a-w-   c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\jmc.dll
              2010-08-21 07:52 . 2010-08-21 07:52   348160   ----a-w-   c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45231699-n\msvcr71.dll
              2010-08-21 07:48 . 2010-08-21 07:48   61440   ----a-w-   c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6bfce2df-n\decora-sse.dll
              2010-08-21 07:48 . 2010-08-21 07:48   12800   ----a-w-   c:\documents and settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6bfce2df-n\decora-d3d.dll
              2010-08-19 22:54 . 2010-08-19 22:54   --------   d-----w-   c:\program files\GIMP-2.0
              2010-08-17 13:17 . 2001-08-18 12:00   58880   ----a-w-   c:\windows\system32\spoolsv.exe
              2010-08-13 10:12 . 2010-07-29 15:43   --------   d-----w-   c:\documents and settings\Wayne\Application Data\DVD Flick
              2010-07-25 07:10 . 2004-02-09 09:49   664   ----a-w-   c:\windows\system32\d3d9caps.dat
              2010-07-24 23:52 . 2004-10-08 03:03   254632   ----a-w-   c:\documents and settings\Wayne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
              2010-07-24 23:52 . 2010-07-24 23:52   0   ----a-w-   c:\documents and settings\All Users\Application Data\xml52.tmp
              2010-07-24 23:52 . 2010-07-24 23:52   0   ----a-w-   c:\documents and settings\All Users\Application Data\xml51.tmp
              2010-07-24 23:52 . 2010-07-24 23:52   0   ----a-w-   c:\documents and settings\All Users\Application Data\xml50.tmp
              2010-07-24 23:52 . 2010-05-31 04:08   0   ----a-w-   c:\documents and settings\All Users\Application Data\xml16F.tmp
              2010-07-24 23:52 . 2010-05-31 04:08   0   ----a-w-   c:\documents and settings\All Users\Application Data\xml16E.tmp
              2010-07-22 15:49 . 2004-04-19 15:30   590848   ----a-w-   c:\windows\system32\rpcrt4.dll
              2010-07-22 05:57 . 2009-04-16 04:06   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
              2010-07-19 00:48 . 2008-05-28 04:57   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
              2010-07-19 00:47 . 2010-07-19 00:47   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
              2010-07-19 00:46 . 2008-05-28 04:57   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
              2010-07-17 10:00 . 2010-05-23 05:24   423656   ----a-w-   c:\windows\system32\deployJava1.dll
              2010-07-12 18:46 . 2010-07-12 18:46   552   ----a-w-   c:\windows\system32\d3d8caps.dat
              2010-07-12 17:04 . 2008-09-17 21:14   70691   ----a-w-   c:\windows\pchealth\HELPCTR\OfflineCache\index.dat
              2001-07-07 04:47 . 2001-07-07 04:47   3149   ----a-w-   c:\program files\ReadMe.txt
              2001-07-06 21:59 . 2001-07-06 21:59   372736   ----a-w-   c:\program files\Dragnifier.exe
              2008-12-21 19:43 . 2008-09-06 19:16   67688   ----a-w-   c:\program files\mozilla firefox\components\jar50.dll
              2008-12-21 19:43 . 2008-09-06 19:16   54368   ----a-w-   c:\program files\mozilla firefox\components\jsd3250.dll
              2008-12-21 19:43 . 2008-09-06 19:16   34944   ----a-w-   c:\program files\mozilla firefox\components\myspell.dll
              2008-12-21 19:43 . 2008-09-06 19:16   46712   ----a-w-   c:\program files\mozilla firefox\components\spellchk.dll
              2008-12-21 19:43 . 2008-09-06 19:16   172136   ----a-w-   c:\program files\mozilla firefox\components\xpinstal.dll
              2008-04-14 00:12 . 2008-10-01 08:11   413696   --sha-w-   c:\windows\system32\SET284.tmp
              2008-04-14 10:42 . 2010-07-12 06:28   413696   --sha-w-   c:\windows\system32\SET45A.tmp
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
              "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
              "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
              "VTPreset"="VTPreset.exe" [2004-02-25 45056]
              "BtcMaestro"="c:\program files\KMaestro\KMaestro.exe" [2004-05-05 237568]
              "EssSpkPhone"="essspk.exe" [2002-05-31 167936]
              "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
              "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
              "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
              "OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-05-20 86016]
              "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-09 45056]
              "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

              c:\documents and settings\All Users\Start Menu\Programs\Startup\
              Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
              Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-19 805392]
              Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-10-08 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
              2010-07-19 00:47   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
              2008-05-02 08:42   72208   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
              @=""

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cloudmark SpamNet for OE.lnk]
              backup=c:\windows\pss\Cloudmark SpamNet for OE.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dpcstart.lnk]
              backup=c:\windows\pss\dpcstart.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^ClickTray Calendar.lnk]
              backup=c:\windows\pss\ClickTray Calendar.lnkStartup
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Popup Ad Filter
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Washer

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
              "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
              "c:\\WINDOWS\\system32\\mmc.exe"=
              "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
              "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
              "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
              "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
              "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
              "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
              "c:\\Program Files\\Opera\\opera.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
              "AllowInboundEchoRequest"= 1 (0x1)

              R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
              R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
              R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2008 11:57 PM 216400]
              R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/27/2008 11:57 PM 243024]
              R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/26/2010 3:45 PM 233136]
              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 12872]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 67656]
              R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/18/2010 7:46 PM 921440]
              R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/18/2010 7:47 PM 308136]
              R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/29/2010 8:14 PM 20072]
              R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [9/26/2010 3:46 PM 88040]
              R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [5/30/2008 1:31 PM 98488]
              R2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [2/23/1998 5:56 PM 31104]
              R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [9/26/2010 3:44 PM 70664]
              R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [9/26/2010 3:44 PM 58816]
              R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [9/26/2010 3:44 PM 115216]
              S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
              S3 Dual Mode;Dual Mode Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]
              S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
              S3 nuvaudio;Hauppauge WinTV USB Pro Audio Service;c:\windows\system32\DRIVERS\nuvaudio.sys --> c:\windows\system32\DRIVERS\nuvaudio.sys [?]
              S3 NuVision;Hauppauge WinTV USB Live Pro;c:\windows\system32\drivers\Nuvision.sys [12/19/2002 3:56 PM 260144]
              S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 12872]
              S3 USBNDIS;%USBNDIS.Service.DispName%;c:\windows\system32\DRIVERS\usbndis.sys --> c:\windows\system32\DRIVERS\usbndis.sys [?]
              S4 DPCUSB;Satellite Receiver USB Driver;c:\windows\system32\Drivers\DPCUSB.sys --> c:\windows\system32\Drivers\DPCUSB.sys [?]
              .
              Contents of the 'Scheduled Tasks' folder

              2010-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.canoe.ca/
              uInternet Settings,ProxyOverride = <local>
              IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
              DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
              FF - ProfilePath - c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\
              FF - prefs.js: browser.search.selectedEngine - www.google-feed.net
              FF - prefs.js: browser.startup.homepage - hxxp://en.canoe.ca/home.html
              FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
              FF - component: c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected]\components\PACMozComponent.dll
              FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
              .
              - - - - ORPHANS REMOVED - - - -

              WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
              AddRemove-GSpot - c:\program files\GSpot\Uninstall.exe


              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F7EC739-D5DE-8DF0-851B2E09AF27478A}\{9DB8FF8F-3E0D-CA6E-8233451919EA27FD}\{89229253-B827-099C-CFFB852028D69EA1}*]
              "WE6X3HNHJXRI2CPMH2OUMP32VF1"=hex:01,00,01,00,00,00,00,00,6d,db,9e,e2,89,b8,a5,
                 65,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(700)
              c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
              c:\program files\common files\logishrd\bluetooth\LBTServ.dll

              - - - - - - - > 'explorer.exe'(236)
              c:\windows\system32\WININET.dll
              c:\program files\Logitech\SetPoint\lgscroll.dll
              c:\windows\system32\ieframe.dll
              c:\windows\system32\WPDShServiceObj.dll
              c:\windows\system32\PortableDeviceTypes.dll
              c:\windows\system32\PortableDeviceApi.dll
              .
              Completion time: 2010-10-06  00:02:41
              ComboFix-quarantined-files.txt  2010-10-06 05:02

              Pre-Run: 265,712,398,336 bytes free
              Post-Run: 265,705,082,880 bytes free

              - - End Of File - - 6308A0289D7F412A0E85994AA668FC77

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Please help, being hijacked while web surfing...
              « Reply #15 on: October 06, 2010, 04:57:44 PM »
              Re-running ComboFix to remove infections:

              • Close any open browsers.
              • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
              • Open notepad and copy/paste the text in the quotebox below into it:
                Quote
                KillAll::

                File::
                c:\windows\system32\SET284.tmp
                c:\windows\system32\SET45A.tmp

              • Save this as CFScript.txt, in the same location as ComboFix.exe



              • Referring to the picture above, drag CFScript into ComboFix.exe
              • When finished, it shall produce a log for you at C:\ComboFix.txt
              • I don't need to see the log from this action.
              **************************
              Please download 7-Zip and install it. If you already have it, no need to reinstall.

              Then, download RootkitUnhooker and save the setup to your Desktop.

              • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
              • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
              • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
              • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
              • Once inside the interface, do not fix anything. Click on the Report tab.
              • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
              • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
              • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
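As an added example (editor's code, not part of this thread and not from the ComboFix or RootkitUnhooker tools), the script below parses the kinds of log lines SuperDave is acting on: it picks the hidden+system .tmp files under system32 out of the ComboFix file listing and renders them as the KillAll::/File:: CFScript shown above, extracts the hosts from the "FF - prefs.js" lines of the Supplementary Scan so a changed search engine or keyword.URL stands out, and groups the RkU "SSDT State" lines by the driver that owns each hook. The hidden+system .tmp heuristic and the allowlist of expected hosts are assumptions of the example, not the thread's reasoning; the sample lines are copied from the logs posted in this thread.

```python
"""Triage helpers for the ComboFix and RkU output posted in this thread.

Heuristics only: a hit means 'look at this entry', not 'this is malware'."""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the ComboFix log posted above.
COMBOFIX_SAMPLE = r"""
2010-08-17 13:17 . 2001-08-18 12:00   58880   ----a-w-   c:\windows\system32\spoolsv.exe
2010-07-24 23:52 . 2010-07-24 23:52   0   ----a-w-   c:\documents and settings\All Users\Application Data\xml52.tmp
2010-09-24 15:57 . 2010-09-24 16:26   2   --shatr-   c:\windows\winstart.bat
2008-04-14 00:12 . 2008-10-01 08:11   413696   --sha-w-   c:\windows\system32\SET284.tmp
2008-04-14 10:42 . 2010-07-12 06:28   413696   --sha-w-   c:\windows\system32\SET45A.tmp
FF - prefs.js: browser.search.selectedEngine - www.google-feed.net
FF - prefs.js: browser.startup.homepage - hxxp://en.canoe.ca/home.html
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
"""
# Constructed sample: three 'SSDT State' lines from the RkU report posted below.
RKU_SAMPLE = r"""
ntoskrnl.exe-->NtCreateFile, Type: Address change 0x8056CF98-->B555D530 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
ntoskrnl.exe-->NtLoadDriver, Type: Address change 0x805A3B73-->B555D606 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80568D48-->B555D648 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
"""

# ComboFix file entry: "<mtime> . <ctime>   <size or -------->   <attrs>   <path>"
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?)\s+\.\s+"
    r"(?P<ctime>\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?)"
    r"\s+(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$")
PREF_RE = re.compile(r"^FF - prefs\.js:\s+(?P<pref>\S+)\s+-\s+(?P<value>\S+)\s*$")
SSDT_RE = re.compile(r"^ntoskrnl\.exe-->(?P<func>\w+), Type: Address change .*\[(?P<module>[^\]]+)\]$")
SEARCH_PREFS = ("keyword.URL", "browser.search.selectedEngine", "browser.startup.homepage")


def parse_file_entries(log):
    """Return one dict per file/directory line; size is None for directories."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["is_dir"] = e["attrs"][0] == "d"      # ComboFix puts 'd' first for directories
            e["size"] = None if e["is_dir"] else int(e["size"])
            entries.append(e)
    return entries


def suspicious_tmp_files(entries):
    """Hidden+system, non-directory .tmp files under \\windows\\system32.
    ComboFix's attribute field uses 's' for system and 'h' for hidden."""
    hits = []
    for e in entries:
        path = e["path"].lower()
        if e["is_dir"]:
            continue
        if ("s" in e["attrs"] and "h" in e["attrs"]
                and path.startswith(r"c:\windows\system32") and path.endswith(".tmp")):
            hits.append(e["path"])
    return hits


def build_cfscript(paths):
    """Render the paths as the CFScript used above: KillAll:: then a File:: block."""
    return "KillAll::\n\nFile::\n" + "\n".join(paths) + "\n"


def browser_search_hosts(log):
    """Map each search-related Firefox pref to the host it points at.
    ComboFix defangs URLs as hxxp://; bare hostnames are returned unchanged."""
    hosts = {}
    for line in log.splitlines():
        m = PREF_RE.match(line.strip())
        if not m or m["pref"] not in SEARCH_PREFS:
            continue
        value = re.sub(r"^hxxp", "http", m["value"], flags=re.IGNORECASE)
        hosts[m["pref"]] = urlparse(value if "://" in value else "//" + value).hostname
    return hosts


def unexpected_search_hosts(hosts, expected):
    """Prefs whose host is not in the caller's expected set (an assumed allowlist)."""
    return {p: h for p, h in hosts.items() if h not in expected}


def ssdt_hooks_by_module(report):
    """Group RkU 'SSDT State' lines by the driver that now owns each syscall slot."""
    by_mod = {}
    for line in report.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            by_mod.setdefault(m["module"], []).append(m["func"])
    return by_mod


if __name__ == "__main__":
    flagged = suspicious_tmp_files(parse_file_entries(COMBOFIX_SAMPLE))
    print(build_cfscript(flagged))
    # The poster said canoe.ca is his homepage; anything else deserves a look.
    print(unexpected_search_hosts(browser_search_hosts(COMBOFIX_SAMPLE), {"en.canoe.ca"}))
    print(ssdt_hooks_by_module(RKU_SAMPLE))
```

Run as-is it prints the same two-line File:: block SuperDave posted, the two search prefs that point somewhere other than the poster's stated homepage, and the SSDT hooks grouped by module. In the RkU report posted below every hook resolves to PCTAppEvent.sys, which the ComboFix service list above identifies as the PC Tools firewall driver (R2 PCTAppEvent), so the grouping confirms a known product rather than an unnamed module; the check is worth doing before reading any hook as a rootkit.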

              jwfilion

                Re: Please help, being hijacked while web surfing...
                « Reply #16 on: October 06, 2010, 09:41:43 PM »
                Thanks SuperDave. Unfortunately, the script did not get ComboFix running. After many attempts, I got no farther than I did before, so I just said screw it! Below is the log you asked for...

                RkU Version: 3.8.388.590, Type LE (SR2)
                ==============================================
                OS Name: Windows XP
                Version 5.1.2600 (Service Pack 3)
                Number of processors #1
                ==============================================
                >SSDT State
                ==============================================
                ntoskrnl.exe-->NtAllocateVirtualMemory, Type: Address change 0x80568FCA-->B555D752 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtAssignProcessToJobObject, Type: Address change 0x805A253D-->B555D440 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtConnectPort, Type: Address change 0x8058C63A-->B555D482 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtCreateFile, Type: Address change 0x8056CF98-->B555D530 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtCreateProcess, Type: Address change 0x805B14AC-->B555DDD8 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtCreateProcessEx, Type: Address change 0x8057FE4C-->B555DE64 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtCreateThread, Type: Address change 0x80587A3C-->B555DEF4 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtDebugActiveProcess, Type: Address change 0x8065B541-->B555D580 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x805717C5-->B555D5C2 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtLoadDriver, Type: Address change 0x805A3B73-->B555D606 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80568D48-->B555D648 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtOpenSection, Type: Address change 0x805711B4-->B555D68A [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8058E5C4-->B555D6CC [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtProtectVirtualMemory, Type: Address change 0x80571E96-->B555D79A [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtRequestWaitReplyPort, Type: Address change 0x80576EC6-->B555D70E [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x8064EFDD-->B555D7DC [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtResumeThread, Type: Address change 0x805880AF-->B555D824 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtSecureConnectPort, Type: Address change 0x805888DA-->B555D8B4 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80572A6E-->B555D866 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtSuspendProcess, Type: Address change 0x8062FC39-->B555D958 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtSystemDebugControl, Type: Address change 0x8064A01B-->B555D99A [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x805824CC-->B833E620 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys]
                ntoskrnl.exe-->NtWriteVirtualMemory, Type: Address change 0x8057E60A-->B555DA2A [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ==============================================
                >Shadow
                ==============================================
                win32k.sys-->NtUserAttachThreadInput, Type: Address change 0xBF8F559C-->B555DA6C [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                win32k.sys-->NtUserCallOneParam, Type: Address change 0xBF8010DF-->B555DAB4 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF8A3E9C-->B555DAF8 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF823E97-->B555DB3C [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                win32k.sys-->NtUserMessageCall, Type: Address change 0xBF80EEAE-->B555DB80 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                win32k.sys-->NtUserPostMessage, Type: Address change 0xBF808327-->B555DBD8 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                win32k.sys-->NtUserPostThreadMessage, Type: Address change 0xBF85FD24-->B555DC30 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                win32k.sys-->NtUserRegisterRawInputDevices, Type: Address change 0xBF916B09-->B555DC88 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8AD40B-->B555DD1E [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                win32k.sys-->NtUserSetWinEventHook, Type: Address change 0xBF8F9928-->B555DCD0 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
                ==============================================
                >Processes
                ==============================================
                0x8AA68830 [4] System
                0x8A77C368 [292] C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools, PC Tools Firewall Plus service)
                0x8A724530 [332] C:\WINDOWS\system32\locator.exe (Microsoft Corporation, Rpc Locator)
                0x8A37EDA0 [384] C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe (SiSoftware, SiSoftware Deployment Agent Service (NT)(Unicode))
                0x8A109B98 [424] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                0x8A985A00 [580] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
                0x8A740480 [676] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
                0x8A2DCDA0 [700] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
                0x8A988A00 [744] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
                0x8A2E8020 [756] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
                0x89F34990 [920] C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions, Sonic CinePlayer(R) Tray Application)
                0x8A815DA0 [928] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                0x8A301BE8 [964] C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc., STOPzilla Service)
                0x8A11CDA0 [988] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp., PowerDVD RC Service)
                0x89B54020 [1040] C:\WINDOWS\system32\notepad.exe (Microsoft Corporation, Notepad)
                0x8A090DA0 [1072] C:\Program Files\KMaestro\Kmaestro.exe (BTC, KeyMaestro main program)
                0x8A0DCDA0 [1088] C:\WINDOWS\essspk.exe (-, Modem On Hold Utility)
                0x8A985DA0 [1136] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                0x8A117B28 [1184] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
                0x8A771DA0 [1188] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                0x8A781408 [1204] C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)
                0x89F46900 [1212] C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
                0x8A101BC0 [1228] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
                0x8A8C4DA0 [1332] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                0x8A0A3DA0 [1368] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools, PC Tools Firewall GUI)
                0x8A3689D8 [1448] C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
                0x8A6EB580 [1504] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                0x8A2E79B0 [1624] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
                0x8A2ECB70 [1680] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
                0x8A138DA0 [1756] C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc., Logitech SetPoint Event Manager (UNICODE))
                0x8A340558 [1852] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
                0x8A8F89A8 [1928] C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
                0x8A2D8DA0 [1988] C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC, Sync Windows Services)
                0x89F15DA0 [2108] C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o., AVG E-Mail Scanner)
                0x89EFFC88 [2252] C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Network scanner Service)
                0x89F09BC0 [2344] C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc., Logitech KHAL Main Process)
                0x89EBADA0 [2416] C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
                0x89B5C4B8 [2544] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
                0x898F3020 [2736] C:\Documents and Settings\Wayne\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\xq1k3G0m3je.exe (UG North, RKULE, SR2 Normandy)
                0x89E37DA0 [3136] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
                0x89CBA5F8 [3320] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
                ==============================================
                >Drivers
                ==============================================
                0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
                0x804D7000 PnpManager 2189952 bytes
                0x804D7000 RAW 2189952 bytes
                0x804D7000 WMIxWDM 2189952 bytes
                0xBF800000 Win32k 1855488 bytes
                0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
                0xB985E000 C:\WINDOWS\System32\DRIVERS\es56hpi.sys 671744 bytes (ESS Technology, Inc., ESS Telephony Driver)
                0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
                0xB8299000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
                0xBF012000 C:\WINDOWS\System32\s3gnb.dll 405504 bytes (S3 Graphics, Inc., S3 ProSavage(DDR) & Twister Display Driver)
                0xB96D7000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
                0xB85B3000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
                0xB53E3000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
                0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
                0xB558E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
                0xB8542000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
                0xB857C000 C:\WINDOWS\system32\drivers\pctgntdi.sys 225280 bytes (PC Tools, PC Tools Generic TDI Driver)
                0xB8265000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
                0xB97E5000 C:\WINDOWS\system32\drivers\vinyl97.sys 204800 bytes (VIA Technologies, Inc., Vinyl AC'97 Codec Combo WDM Driver)
                0xF7508000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
                0xB579A000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
                0xF7841000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
                0xB8309000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
                0xB823B000 C:\WINDOWS\system32\DRIVERS\emDevice.sys 172032 bytes (eMPIA Technology, Inc., USB 28xx WDM Driver)
                0xB9916000 C:\WINDOWS\System32\DRIVERS\s3gnbm.sys 167936 bytes (S3 Graphics, Inc., S3 ProSavage(DDR) & Twister Miniport Driver)
                0xB8418000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
                0xB851C000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
                0xB50AC000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
                0xB97C1000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
                0xB983A000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
                0xB9817000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
                0xB83F6000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
                0xB8334000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
                0xF7400000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
                0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
                0xB5210000 C:\WINDOWS\system32\drivers\pctplfw.sys 110592 bytes (PC Tools, PC Tools FW Plugin Driver)
                0xF7827000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
                0xF74C0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
                0xF786E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
                0xB9796000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
                0xB5735000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
                0xB97AD000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
                0xB5552000 C:\WINDOWS\system32\drivers\PCTAppEvent.sys 81920 bytes (PC Tools, PC Tools App Monitor Driver)
                0xB9902000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
                0x806EE000 ACPI_HAL 81152 bytes
                0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
                0xB860C000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
                0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
                0xF7885000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
                0xF74F7000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
                0xB9785000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
                0xF7420000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
                0xF7586000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
                0xB544A000 C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys 65536 bytes (PC Tools, PC Tools NDIS - Packet Filter)
                0xB99AF000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
                0xB99BF000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
                0xB99CF000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
                0xB5C37000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
                0xF7566000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
                0xF75F7000 szkg.sys 57344 bytes (iS3 Inc., szkg Device Driver)
                0xF7667000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
                0xB994F000 C:\WINDOWS\system32\DRIVERS\pctNdis.sys 53248 bytes (PC Tools, PC Tools NDIS Driver)
                0xB999F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
                0xF7480000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
                0xF7607000 szkgfs.sys 53248 bytes (iS3, Inc., STOPzilla Kernel Guard File System, x86-32 )
                0xF7647000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
                0xB997F000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
                0xF74A0000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
                0xF7596000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
                0xF7637000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
                0xB998F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
                0xF7627000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
                0xF7576000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
                0xB995F000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
                0xF7657000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
                0xF7470000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
                0xB996F000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
                0xF74B0000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
                0xB4B25000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
                0xF75A6000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
                0xF7677000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
                0xF7536000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
                0xF7807000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
                0xF77EF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
                0xF7787000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
                0xF779F000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
                0xF77FF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
                0xF771F000 viaagp1.sys 32768 bytes (VIA Technologies, Inc., VIA NT AGP Filter)
                0xF7717000 videX32.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
                0xF7817000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
                0xF776F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
                0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
                0xF7797000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
                0xF77A7000 C:\WINDOWS\system32\drivers\emAudio.sys 24576 bytes (eMPIA Technology, Inc., USB EMP Audio Device)
                0xF774F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
                0xF7747000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
                0xF778F000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
                0xB974D000 C:\WINDOWS\System32\Drivers\SnapTHN.SYS 24576 bytes (Play Incorporated, Snappy Windows-NT Driver)
                0xF780F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
                0xF7777000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
                0xF775F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
                0xF777F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
                0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
                0xF7737000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
                0xF773F000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
                0xF781F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
                0xF77F7000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
                0xB9775000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
                0xB58B7000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
                0xB578A000 C:\WINDOWS\system32\drivers\cpuz133_x32.sys 16384 bytes (Windows (R) Win 7 DDK provider, CPUID Driver)
                0xBA7FC000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
                0xBA340000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
                0xBA7BC000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
                0xBA7D0000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
                0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
                0xBA7E0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
                0xBA7CC000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
                0xF7947000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
                0xBA7F8000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
                0xBA7C8000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
                0xBA32C000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
                0xF7937000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
                0xF79C7000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
                0xF79CD000 C:\WINDOWS\system32\DRIVERS\emFilter.sys 8192 bytes (eMPIA Technology, Inc., USB 28xx WDM Lower filter)
                0xF79CF000 C:\WINDOWS\system32\DRIVERS\emScan.sys 8192 bytes (eMPIA Technology, Inc., USB 28xx WDM Upper Filter)
                0xF79C5000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
                0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
                0xF79C9000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
                0xF79EB000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
                0xF79CB000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
                0xF79C1000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
                0xF79C3000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
                0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
                0xF7A58000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
                0xB81B2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
                0xF7A54000 C:\WINDOWS\system32\drivers\msmpu401.sys 4096 bytes (Microsoft Corporation, MPU401 Adapter Driver)
                0xF7A85000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
                0xF7A86000 C:\WINDOWS\System32\Drivers\VIAPFD.SYS 4096 bytes (VIA Technologies. Inc., VIA PFD driver)
                ==============================================
                >Stealth
                ==============================================
                ==============================================
                >Files
                ==============================================
                !-->[Hidden] C:\32788R22FWJFW\EN-US
                !-->[Hidden] C:\32788R22FWJFW\N_
                !-->[Hidden] C:\cmdcons
                !-->[Hidden] C:\DECCHECK
                !-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
                !-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
                !-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
                !-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Neat Video for VirtualDub
                !-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Rootkit Unhooker LE
                !-->[Hidden] C:\Documents and Settings\Wayne\.gimp-2.6
                !-->[Hidden] C:\Documents and Settings\Wayne\.thumb
                !-->[Hidden] C:\Documents and Settings\Wayne\Application Data\Foxit Software
                !-->[Hidden] C:\Documents and Settings\Wayne\Application Data\Macromedia\Flash Player\#SharedObjects\GK77QL6S\core.videoegg.com
                !-->[Hidden] C:\Documents and Settings\Wayne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com
                !-->[Hidden] C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6bfce2df-n
                !-->[Hidden] C:\Documents and Settings\Wayne\Application Data\Sun\Java\jre1.6.0_21
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Art Stuff\art pics2
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Art Stuff\Byron Pickering
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Art Stuff\swa468018-Painting-With-Gouache_files\ads_data
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Art Stuff\swa468018-Painting-With-Gouache_files\ads_data_002
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Desktop Stuff\DVDStyler
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Movies pre NeatVid
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Recipes\BAKED BEANS
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Recipes\Bisquick
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Recipes\Pumpkin
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\RkU3.8.388.590
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Shortcuts\GoldWave
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Temp Pics
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\To Do List\Digital Camera2
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Video Editing\VirtualDub\fieldalign02
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Video Editing\VirtualDub\LogoAway_files
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Video Editing\VirtualDub\plugins\vdf
                !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Video Editing\VirtualDub\Xsharpen
                !-->[Hidden] C:\Documents and Settings\Wayne\Local Settings\Application Data\Microsoft\Media Player\Art Cache
                !-->[Hidden] C:\Documents and Settings\Wayne\Local Settings\Application Data\Opera\Opera\application_cache
                !-->[Hidden] C:\Documents and Settings\Wayne\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff
                !-->[Hidden] C:\Documents and Settings\Wayne\My Documents\CyberLink\PowerDVD\Snapshot
                !-->[Hidden] C:\Documents and Settings\Wayne\My Documents\gegl-0.0
                !-->[Hidden] C:\Documents and Settings\Wayne\My Documents\My Music\Unknown Artist
                !-->[Hidden] C:\Documents and Settings\Wayne\Start Menu\Programs\Windows Media
                !-->[Hidden] C:\Program Files\CyberLink\PowerDVD\AVSettings
                !-->[Hidden] C:\Program Files\DVDStyler
                !-->[Hidden] C:\Program Files\GIMP-2.0
                !-->[Hidden] C:\Program Files\GoldWave\Figures
                !-->[Hidden] C:\Program Files\GoldWave\File
                !-->[Hidden] C:\Program Files\Google\GoogleToolbarNotifier
                !-->[Hidden] C:\Program Files\Grisoft
                !-->[Hidden] C:\Program Files\GSpot
                !-->[Hidden] C:\Program Files\Hewlett-Packard
                !-->[Hidden] C:\Program Files\honestech
                !-->[Hidden] C:\Program Files\hott notes 4
                !-->[Hidden] C:\Program Files\IGC
                !-->[Hidden] C:\Program Files\InstallShield Installation Information
                !-->[Hidden] C:\Program Files\Internet Explorer
                !-->[Hidden] C:\Program Files\IrfanView
                !-->[Hidden] C:\Program Files\Java
                !-->[Hidden] C:\Program Files\K-Lite Codec Pack
                !-->[Hidden] C:\Program Files\KMaestro
                !-->[Hidden] C:\Program Files\Lame
                !-->[Hidden] C:\Program Files\Larry's GDS Plugins
                !-->[Hidden] C:\Program Files\Lavalys
                !-->[Hidden] C:\Program Files\Lavasoft
                !-->[Hidden] C:\Program Files\Leawo
                !-->[Hidden] C:\Program Files\Logitech
                !-->[Hidden] C:\Program Files\Malwarebytes' Anti-Malware
                !-->[Hidden] C:\Program Files\MediaMonkey
                !-->[Hidden] C:\Program Files\Messenger
                !-->[Hidden] C:\Program Files\microsoft frontpage
                !-->[Hidden] C:\Program Files\Microsoft IntelliType Pro 6.02
                !-->[Hidden] C:\Program Files\Moffsoft FreeCalc
                !-->[Hidden] C:\Program Files\Movie Joiner
                !-->[Hidden] C:\Program Files\Movie Maker
                !-->[Hidden] C:\Program Files\Mozilla Firefox
                !-->[Hidden] C:\Program Files\Mozilla Thunderbird
                !-->[Hidden] C:\Program Files\mozilla.org
                !-->[Hidden] C:\Program Files\MP3Rocket
                !-->[Hidden] C:\Program Files\MSBuild
                !-->[Hidden] C:\Program Files\MSECACHE
                !-->[Hidden] C:\Program Files\msn
                !-->[Hidden] C:\Program Files\MSN Gaming Zone
                !-->[Hidden] C:\Program Files\MSXML 4.0
                !-->[Hidden] C:\Program Files\MSXML 6.0
                !-->[Hidden] C:\Program Files\MTS Accelerator
                !-->[Hidden] C:\Program Files\NetMeeting
                !-->[Hidden] C:\Program Files\OLYMPUS
                !-->[Hidden] C:\Program Files\Online Services
                !-->[Hidden] C:\Program Files\Opera
                !-->[Hidden] C:\Program Files\Outlook Express
                !-->[Hidden] C:\Program Files\Paint-By-Grids
                !-->[Hidden] C:\Program Files\Paint.NET
                !-->[Hidden] C:\Program Files\Pegasus Imaging
                !-->[Hidden] C:\Program Files\Pixarra
                !-->[Hidden] C:\Program Files\Prismatic Software
                !-->[Hidden] C:\Program Files\QuickPar
                !-->[Hidden] C:\Program Files\QuickTime
                !-->[Hidden] C:\Program Files\Real Alternative
                !-->[Hidden] C:\Program Files\Reference Assemblies
                !-->[Hidden] C:\Program Files\Runtime Software
                !-->[Hidden] C:\Program Files\S3
                !-->[Hidden] C:\Program Files\ScanSoft
                !-->[Hidden] C:\Program Files\Seagate
                !-->[Hidden] C:\Program Files\SiSoftware
                !-->[Hidden] C:\Program Files\SMagnify
                !-->[Hidden] C:\Program Files\Spybot - Search & Destroy
                !-->[Hidden] C:\Program Files\SpywareBlaster
                !-->[Hidden] C:\Program Files\Super Video Joiner
                !-->[Hidden] C:\Program Files\SUPERAntiSpyware
                !-->[Hidden] C:\Program Files\TouchStoneSoftware
                !-->[Hidden] C:\Program Files\Trend Micro
                !-->[Hidden] C:\Program Files\TuneXP
                !-->[Hidden] C:\Program Files\TypingMaster
                !-->[Hidden] C:\Program Files\Ulead Systems
                !-->[Hidden] C:\Program Files\Ultra QuickTime Converter
                !-->[Hidden] C:\Program Files\Uninstall Information
                !-->[Hidden] C:\Program Files\Unlocker
                !-->[Hidden] C:\Program Files\USB_video_device
                !-->[Hidden] C:\Program Files\Visioneer OneTouch
                !-->[Hidden] C:\Program Files\Visualizer Photo Resize
                !-->[Hidden] C:\Program Files\VS Revo Group
                !-->[Hidden] C:\Program Files\Windows Installer Clean Up
                !-->[Hidden] C:\Program Files\Windows Media Connect 2
                !-->[Hidden] C:\Program Files\Windows Media Player
                !-->[Hidden] C:\Program Files\Windows NT
                !-->[Hidden] C:\Program Files\Windows Resource Kits
                !-->[Hidden] C:\Program Files\WindowsUpdate
                !-->[Hidden] C:\Program Files\WinMX
                !-->[Hidden] C:\Program Files\WinRAR
                !-->[Hidden] C:\Program Files\WinTV
                !-->[Hidden] C:\Program Files\xerox
                !-->[Hidden] C:\Program Files\XXCLONE
                !-->[Hidden] C:\Qoobox
                !-->[Hidden] C:\QuickTimeOutput
                !-->[Hidden] C:\RECYCLER\S-1-5-21-3025990876-1698683601-3399203189-1006\Dc4
                !-->[Hidden] C:\RECYCLER\S-1-5-21-3025990876-1698683601-3399203189-1006\Dc67\EN-US
                !-->[Hidden] C:\RECYCLER\S-1-5-21-3025990876-1698683601-3399203189-1006\Dc67\N_
                !-->[Hidden] C:\S3Graphics
                !-->[Hidden] C:\SCANNER
                !-->[Hidden] C:\ScanSoft Documents
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2467
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2468
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2469\snapshot\Repository
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2470
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2471
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2472
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2473
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2474
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2475
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2476
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2477
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2478
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2479
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2480
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2481
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2482
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2483
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2484
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2485
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2486
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2487
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2488
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2489
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2490
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2491
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2492
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2493
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2494
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2495
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2496
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2497
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2498
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2499
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2500
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2501
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2502
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2503
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2504
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2505
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2506
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2507
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2508
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2509
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2510
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2511
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2512
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2513
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2514
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2515
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2516
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2517
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2518
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2519
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2520
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2521
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2522
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2523
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2524
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2525
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2526
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2527
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2528
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2529
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2530
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2531
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2532
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2533
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2534
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2535
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2536
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2537
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2538
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2539
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2540
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2541
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2542
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2543
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2544
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2545
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2546
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2547
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2548
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2549
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2550
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2551
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2552
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2553
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2554
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2555
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2556
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2557
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2558
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2559
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2560
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2561
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2562
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2563
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2564
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2565
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2566
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2567
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2568
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2569\snapshot\Repository
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2570
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2587\snapshot\Repository
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2588
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2589
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2590
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2591\snapshot
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2593\snapshot\Repository
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2595
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2596
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2597
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2598
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2600
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2601
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2602
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2603
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2620\snapshot
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2621\snapshot\Repository
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2622
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2623
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2624
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2625\snapshot\Repository
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2626
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2627
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2628
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2629
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2630
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2631\snapshot\Repository
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2632
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2633
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2634
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2635
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2636
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2637
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2638\snapshot\Repository
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2639
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2640
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2641
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2642
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2643
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2644
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2645
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2646
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2647
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2648
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2651\snapshot\Repository
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2652
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2653
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2654
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2655
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2656
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2657
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2658
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2659
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2660
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2661
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2662
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2663
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2664
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2665
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2666
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2667
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2668
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2669\snapshot
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2670
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2671
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2672
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2673\snapshot
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2674
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2675
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2676
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2677
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2678
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2679
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2680
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2681
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2682
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2683
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2684
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2685
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2686
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2687
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2688
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2689
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2690
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2737
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2738
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2739
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2740
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2741
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2742
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2743
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2744
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2745
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2746\snapshot\Repository
                !-->[Hidden] C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2754
                !-->[Hidden] C:\Temp
                !-->[Hidden] C:\videooutput
                !-->[Hidden] C:\ViewPro
                !-->[Hidden] C:\WINDOWS
                !-->[Hidden] C:\WTablet
                !-->[Hidden] C:\WUTemp
                ==============================================
                >Hooks
                ==============================================
                ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
                ntoskrnl.exe+0x0000B7C8, Type: Inline - PushRet 0x804E27C8-->CBB555D5 [unknown_code_page]
                [1680]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
                [1680]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
                [1680]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
                [1680]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
                [1680]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
                [1680]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
                [1680]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


                !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
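Added here as a worked example (not RootRepeal's code, nor anything posted by the forum's members): a small Python triage script that parses the two hook-line formats RootRepeal prints in its Hooks section, the kernel inline hooks and the user-mode IAT modifications seen in the log above, and ranks them so a malware-removal helper knows what to read first. The sample lines are constructed copies of the ones in the post; the ranking rules (a jump that stays inside the same image is low priority, an IAT rewrite attributed to shimeng.dll is the Windows application-compatibility shim engine and is expected, a hook whose destination RootRepeal could only label unknown_code_page is the one to review first) are this example's own assumptions, not verdicts issued by RootRepeal.

```python
"""Triage helper for the "Hooks" section of a RootRepeal report.

Added example, not RootRepeal's code or the forum's own. The heuristics
below are assumptions made for this example, not rules published by
RootRepeal; they only decide reading order, never what to delete.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample modelled on the hook lines in the post above.
SAMPLE_HOOKS = """\
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B7C8, Type: Inline - PushRet 0x804E27C8-->CBB555D5 [unknown_code_page]
[1680]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1680]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
"""

# Kernel inline hook: "<module>+0x<offset>, Type: Inline - <kind> 0x<src>--><dst> [<target>]"
KERNEL_RE = re.compile(
    r"^(?P<module>[^+\s]+)\+0x(?P<offset>[0-9A-Fa-f]+), Type: Inline - (?P<kind>\w+) "
    r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<target>[^\]]+)\]$"
)
# User-mode IAT hook: "[<pid>]<proc>--><dll>...--><func>, Type: IAT modification 0x<src>--><dst> [<target>]"
IAT_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<chain>\S+?)-->(?P<func>\w+), Type: IAT modification "
    r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<target>[^\]]+)\]$"
)

# Assumption: the application-compatibility shim engine rewrites GetProcAddress
# in a process's import tables, and RootRepeal attributes that to shimeng.dll.
EXPECTED_IAT_OWNERS = {"shimeng.dll"}


@dataclass
class Finding:
    kind: str        # "inline" or "iat"
    where: str       # hooked location, e.g. "ntoskrnl.exe+0x0000B7C8"
    target: str      # module RootRepeal resolved the hook destination to
    severity: str    # "suspicious", "review", "low" or "expected"
    reason: str


def classify_inline(m: re.Match) -> Finding:
    """Rank a kernel inline hook; destinations RootRepeal could not map to
    any loaded module are the ones worth a closer look."""
    module, target = m["module"], m["target"]
    where = f"{module}+0x{m['offset']}"
    if target == "unknown_code_page":
        return Finding("inline", where, target, "suspicious",
                       f"{m['kind']} to 0x{m['dst']} lands outside every loaded module")
    if target.lower() == module.lower():
        return Finding("inline", where, target, "low", "jump stays inside the same image")
    return Finding("inline", where, target, "review",
                   f"{m['kind']} redirects into another module ({target})")


def classify_iat(m: re.Match) -> Finding:
    """Rank a user-mode IAT modification by which module owns the hook."""
    where = f"[{m['pid']}]{m['chain']}-->{m['func']}"
    target = m["target"]
    if target.lower() in EXPECTED_IAT_OWNERS:
        return Finding("iat", where, target, "expected",
                       "import rewritten by the app-compat shim engine")
    if target == "unknown_code_page":
        return Finding("iat", where, target, "suspicious",
                       "import now points at code with no backing module")
    return Finding("iat", where, target, "review", f"{m['func']} redirected into {target}")


def triage(report_text: str) -> list[Finding]:
    """Parse every hook line; lines matching neither format are skipped, not guessed at."""
    findings: list[Finding] = []
    for line in report_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := KERNEL_RE.match(line)):
            findings.append(classify_inline(m))
        elif (m := IAT_RE.match(line)):
            findings.append(classify_iat(m))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {"suspicious": 1, "expected": 2, "low": 1}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    order = {"suspicious": 0, "review": 1, "low": 2, "expected": 3}
    for f in sorted(triage(SAMPLE_HOOKS), key=lambda f: order[f.severity]):
        print(f"{f.severity:10} {f.where}  [{f.target}]  {f.reason}")
```

Run against the sample, the PushRet at ntoskrnl.exe+0x0000B7C8 into unknown_code_page sorts to the top, the two shimeng.dll entries drop to the bottom, and the short RelativeJump inside ntoskrnl.exe sits in between. The script deliberately stops at ordering: which entries are actually malicious is for the helper reading the full log to decide, which is why the caution about false positives in the GMER instructions further down applies here too.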

                SuperDave

                • Malware Removal Specialist
                • Moderator


                Re: Please help, being hijacked while web surfing...
                « Reply #17 on: October 07, 2010, 01:10:45 PM »
                How's your computer running now?

                I'd like to scan your machine with ESET OnlineScan

                • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan
                • Click the button.
                • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
                • Check
                • Click the button.
                • Accept any security warnings from your browser.
                • Check
                • Push the Start button.
                • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                • When the scan completes, push
                • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                • Push the button.
                • Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                Windows 8 and Windows 10 dual boot with two SSD's

                jwfilion

                  Topic Starter



                  Re: Please help, being hijacked while web surfing...
                  « Reply #18 on: October 07, 2010, 10:03:52 PM »
                  Hey SuperDave, for what it's worth, the computer seems a bit faster overall, but I'm still being hijacked. In fact, it just happened as I was coming to this site to post the scan report. As follows...

                  C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2567\A0323516.exe   multiple threats   deleted - quarantined
                  C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2599\A0327822.exe   multiple threats   deleted - quarantined
                  C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2718\A0337528.exe   Win32/Adware.ADON application   deleted - quarantined

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Please help, being hijacked while web surfing...
                  « Reply #19 on: October 08, 2010, 01:18:27 PM »
                  I would like to run another Rootkit tool. Please try this one.


                  Download the GMER Rootkit Scanner. Unzip it to your Desktop.

                  Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

                  Double-click gmer.exe. The program will begin to run.

                  **Caution**
                  These types of scans can produce false positives. Do NOT take any action on any
                  "<--- ROOTKIT" entries unless advised!

                  If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
                  • Click NO
                  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is unchecked.
                  • Now click the Scan button.
                  • Once the scan is complete, you may receive another notice about rootkit activity.
                  • Click OK.
                  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
                  • Save it where you can easily find it, such as your desktop.

                  jwfilion


                    Re: Please help, being hijacked while web surfing...
                    « Reply #20 on: October 09, 2010, 02:30:23 AM »
                    Thanks SuperDave. Gawd, this one took forever.


                    GMER 1.0.15.15281 - http://www.gmer.net
                    Rootkit scan 2010-10-09 01:02:19
                    Windows 5.1.2600 Service Pack 3
                    Running: gmer.exe; Driver: C:\DOCUME~1\Wayne\LOCALS~1\Temp\afroruob.sys


                    ---- System - GMER 1.0.15 ----

                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwAllocateVirtualMemory [0xB4EC4752]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwAssignProcessToJobObject [0xB4EC4440]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwConnectPort [0xB4EC4482]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwCreateFile [0xB4EC4530]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwCreateProcess [0xB4EC4DD8]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwCreateProcessEx [0xB4EC4E64]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwCreateThread [0xB4EC4EF4]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwDebugActiveProcess [0xB4EC4580]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwDuplicateObject [0xB4EC45C2]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwLoadDriver [0xB4EC4606]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwOpenKey [0xB4EC4648]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwOpenSection [0xB4EC468A]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwOpenThread [0xB4EC46CC]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwProtectVirtualMemory [0xB4EC479A]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwRequestWaitReplyPort [0xB4EC470E]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwRestoreKey [0xB4EC47DC]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwResumeThread [0xB4EC4824]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwSecureConnectPort [0xB4EC48B4]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwSetValueKey [0xB4EC4866]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwSuspendProcess [0xB4EC4958]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwSystemDebugControl [0xB4EC499A]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwTerminateProcess [0xB4EC49DC]
                    SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwWriteVirtualMemory [0xB4EC4A2A]

                    ---- Kernel code sections - GMER 1.0.15 ----

                    .text           ntoskrnl.exe!_abnormal_termination + 229                                                                                                                                   804E2895 3 Bytes  [46, EC, B4]

                    ---- Devices - GMER 1.0.15 ----

                    AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                     szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
                    AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                                   pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
                    AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                                  pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
                    AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                                  pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
                    AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                                pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
                    AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                   szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
                    AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                   fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

                    ---- Registry - GMER 1.0.15 ----

                    Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                                                                                         15
                    Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                                                                                            10000
                    Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                                                                                          yes
                    Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                                                                                         
                    Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                                                                                         90
                    Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                                                                                           10000
                    Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot                                                                                                   1
                    Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Error Mode                                                                                                       2
                    Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs                                                                                        1
                    Reg             HKLM\SOFTWARE\Classes\CLSID\{8F7EC739-D5DE-8DF0-851B2E09AF27478A}\{9DB8FF8F-3E0D-CA6E-8233451919EA27FD}\{89229253-B827-099C-CFFB852028D69EA1}                             
                    Reg             HKLM\SOFTWARE\Classes\CLSID\{8F7EC739-D5DE-8DF0-851B2E09AF27478A}\{9DB8FF8F-3E0D-CA6E-8233451919EA27FD}\{89229253-B827-099C-CFFB852028D69EA1}@WE6X3HNHJXRI2CPMH2OUMP32VF1  0x01 0x00 0x01 0x00 ...

                    ---- EOF - GMER 1.0.15 ----
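
The GMER log above shows two dozen SSDT hooks, all from PCTAppEvent.sys (PC Tools), plus file-system and TCP/IP filters from STOPzilla (szkgfs.sys) and PC Tools (pctgntdi.sys); every hooking module names a vendor whose product the original poster listed as installed, which is why the helper moved on rather than treating the hooks as rootkit activity. The Python below is an added example, not part of this thread or of GMER: it parses the SSDT and AttachedDevice line types from a constructed GMER-style sample and flags any module that carries no version information or names a vendor outside a small allowlist, so a reviewer can separate expected security-product hooks from unknown ones. The allowlist, the sample lines and the xyzzy.sys module are assumptions made up for the example.

```python
"""Triage SSDT hooks and attached devices from a GMER log.

Added example, not part of the forum thread or of GMER. Groups hooks by the
module that installed them and flags modules that either carry no version
information or name a vendor outside a small allowlist of installed
security products.
"""
import re
from collections import defaultdict

# Assumption for the example: vendors whose kernel hooks are expected on this
# machine because their products are installed (PC Tools, STOPzilla/iS3, AVG
# and Windows itself). Adjust to what is actually installed.
KNOWN_VENDORS = ("PC Tools", "iS3", "AVG Technologies", "Microsoft Corporation")

# Constructed sample in the shape of the thread's GMER output; the xyzzy.sys
# entry is made up to show what an unlisted module looks like.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)   ZwCreateFile [0xB4EC4530]
SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)   ZwLoadDriver [0xB4EC4606]
SSDT            \??\C:\WINDOWS\system32\drivers\xyzzy.sys   ZwQueryDirectoryFile [0xF7A11000]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs   szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp   pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
"""

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)"            # path of the hooking module
    r"(?:\s+\((?P<desc>[^)]*)\))?"        # optional "(description/vendor)"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<stack>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)"
    r"(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)


def vendor_known(desc):
    """True when the module description names an allowlisted vendor."""
    return desc is not None and any(v in desc for v in KNOWN_VENDORS)


def triage(log_text):
    """Return hooks and filters grouped by module, plus the modules to review."""
    hooks = defaultdict(list)     # module -> hooked ZwXxx services
    devices = defaultdict(list)   # module -> device stacks it is attached to
    flagged = []                  # (module, reason), one entry per module
    reviewed = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            hooks[m["module"]].append(m["func"])
        else:
            m = ATTACHED_RE.match(line)
            if not m:
                continue
            devices[m["module"]].append(f'{m["stack"]} {m["device"]}')
        module, desc = m["module"], m["desc"]
        if module in reviewed:
            continue
        reviewed.add(module)
        if desc is None:
            flagged.append((module, "no version information"))
        elif not vendor_known(desc):
            flagged.append((module, "unlisted vendor: " + desc))
    return {"hooks": dict(hooks), "devices": dict(devices), "flagged": flagged}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for module, funcs in result["hooks"].items():
        print(f"{len(funcs):2d} SSDT hook(s) from {module}")
    for module, reason in result["flagged"]:
        print(f"REVIEW {module}: {reason}")
```

A flagged module is a lead, not a verdict: GMER's own caution about false positives applies, and an unsigned or unlisted driver still has to be checked by path, signature and vendor before anything is done about it. The allowlist only encodes what the user said is installed; a hook from a "known" vendor whose product was never installed on that machine would deserve the same look.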

                    SuperDave

                    Re: Please help, being hijacked while web surfing...
                    « Reply #21 on: October 09, 2010, 01:03:32 PM »
                    Ok. How's your computer running?

                    jwfilion


                      Re: Please help, being hijacked while web surfing...
                      « Reply #22 on: October 09, 2010, 01:35:15 PM »
                      SuperDave, it seems to be running quicker. The mouse response is faster as well. I have been surfing the net for a few hours now, without being hijacked, and that is unusual. That's not to say it won't happen again, but I'm hopeful. Thank you kindly for all your help so far.

                      jwfilion


                        Re: Please help, being hijacked while web surfing...
                        « Reply #23 on: October 09, 2010, 02:22:36 PM »
                        Sorry, I spoke too soon. Just got jacked again. This is a real pain!

                        SuperDave

                        Re: Please help, being hijacked while web surfing...
                        « Reply #24 on: October 09, 2010, 05:45:44 PM »
                        Download OTL to your Desktop
                        • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
                        • Under the Custom Scan box paste this in
                        netsvcs
                        msconfig
                        safebootminimal
                        safebootnetwork
                        activex
                        drivers32
                        %SYSTEMDRIVE%\*.exe
                        %systemroot%\*. /mp /s
                        c:\$recycle.bin\*.* /s
                        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
                        /md5start
                        eventlog.dll
                        scecli.dll
                        netlogon.dll
                        cngaudit.dll
                        sceclt.dll
                        ntelogon.dll
                        logevent.dll
                        iaStor.sys
                        nvstor.sys
                        nvstor32.sys
                        atapi.sys
                        IdeChnDr.sys
                        viasraid.sys
                        AGP440.sys
                        vaxscsi.sys
                        nvatabus.sys
                        viamraid.sys
                        nvata.sys
                        nvgts.sys
                        iastorv.sys
                        ViPrt.sys
                        eNetHook.dll
                        explorer.exe
                        svchost.exe
                        userinit.exe
                        qmgr.dll
                        ws2_32.dll
                        proquota.exe
                        imm32.dll
                        kernel32.dll
                        ndis.sys
                        autochk.exe
                        spoolsv.exe
                        xmlprov.dll
                        ntmssvc.dll
                        mswsock.dll
                        Beep.SYS
                        ntfs.sys
                        termsrv.dll
                        sfcfiles.dll
                        st3shark.sys
                        ahcix86.sys
                        srsvc.dll
                        nvrd32.sys
                        /md5stop
                        %systemroot%\system32\*.dll /lockedfiles
                        %systemroot%\Tasks\*.job /lockedfiles

                        • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
                        • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
                        • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
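
The /md5start ... /md5stop block in the custom scan above makes OTL report a hash for every copy it finds of each listed file (atapi.sys, explorer.exe, userinit.exe and so on), because those are files that rootkits of the period were known to patch in place; the copy in system32 can then be compared with the backups in dllcache and ServicePackFiles, which a patcher usually leaves alone. The Python below is an added example, not part of this thread or of OTL: it walks a directory tree, hashes every copy of a watched file name and reports the names whose copies disagree. The directory layout and file contents are constructed stand-ins, not real Windows binaries, and the WATCHED list is a subset of the post's own list.

```python
"""Compare the copies of protected system files found under several roots.

Added example, not part of the forum thread or of OTL. Hashes every copy of
each watched file name under the given roots and reports the names whose
copies do not all share one hash, which is the usual first sign of a live
file patched in place while its backup copies were left untouched.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# Subset of the file names in the post's /md5start list.
WATCHED = ["atapi.sys", "explorer.exe", "userinit.exe", "ws2_32.dll"]


def file_digests(path):
    """SHA-256 (used for comparison) and MD5 (to line up with OTL's report)."""
    sha, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            sha.update(chunk)
            md5.update(chunk)
    return sha.hexdigest(), md5.hexdigest()


def collect_copies(roots, names):
    """Map lower-cased file name -> SHA-256 -> list of paths with that hash."""
    wanted = {n.lower() for n in names}
    copies = defaultdict(lambda: defaultdict(list))
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() in wanted:
                    path = os.path.join(dirpath, name)
                    sha, _md5 = file_digests(path)
                    copies[name.lower()][sha].append(path)
    return copies


def find_divergent(copies):
    """Names whose copies do not all share one hash, with the paths per hash."""
    return {n: dict(by_hash) for n, by_hash in copies.items() if len(by_hash) > 1}


def build_sample_tree(base):
    """Constructed stand-in for system32\\drivers, dllcache and ServicePackFiles.

    Contents are made-up bytes, not real Windows binaries. atapi.sys is the
    file whose live copy differs from its two backups.
    """
    layout = {
        os.path.join("system32", "drivers", "atapi.sys"): b"MZ atapi PATCHED",
        os.path.join("system32", "dllcache", "atapi.sys"): b"MZ atapi original",
        os.path.join("ServicePackFiles", "i386", "atapi.sys"): b"MZ atapi original",
        os.path.join("system32", "userinit.exe"): b"MZ userinit",
        os.path.join("system32", "dllcache", "userinit.exe"): b"MZ userinit",
        os.path.join("system32", "ws2_32.dll"): b"MZ ws2_32",
    }
    for rel, data in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return base


def sample_report():
    """Build the sample tree in a temp dir and return the divergent files."""
    base = build_sample_tree(tempfile.mkdtemp(prefix="md5check_"))
    return find_divergent(collect_copies([base], WATCHED))


if __name__ == "__main__":
    for name, by_hash in sample_report().items():
        print(f"{name}: {len(by_hash)} different versions on disk")
        for digest, paths in by_hash.items():
            print(f"  {digest[:16]}...  {', '.join(paths)}")
```

Disagreeing copies are a lead rather than a verdict: a hotfix can legitimately update the live file and dllcache while ServicePackFiles keeps the older build, so the next step is to check the odd copy's hash and digital signature against a known-good source instead of assuming the live copy is the bad one. SHA-256 is the comparison key; the MD5 is computed only so the numbers can be matched against OTL's own output.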

                        jwfilion


                          Re: Please help, being hijacked while web surfing...
                          « Reply #25 on: October 09, 2010, 08:30:28 PM »
                          Hey SuperDave, I noticed that in the "Firefox" section of the log, it shows the link
                           "http://www.veerboo.com/results.php?q="
                          This is the link that takes me to the redirected page!
                          Here are the logs...


                          OTL logfile created on: 10/9/2010 8:27:40 PM - Run 1
                          OTL by OldTimer - Version 3.2.14.1     Folder = C:\Documents and Settings\Wayne\Desktop
                          Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                          Internet Explorer (Version = 7.0.5730.11)
                          Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                           
                          2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
                          2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
                          Paging file location(s): C:\pagefile.sys 360 720 [binary data]
                           
                          %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                          Drive C: | 298.09 Gb Total Space | 262.56 Gb Free Space | 88.08% Space Free | Partition Type: NTFS
                          D: Drive not present or media not loaded
                          E: Drive not present or media not loaded
                          F: Drive not present or media not loaded
                          G: Drive not present or media not loaded
                          H: Drive not present or media not loaded
                          I: Drive not present or media not loaded
                           
                          Computer Name: OWNER-X35LSKRDA
                          Current User Name: Wayne
                          Logged in as Administrator.
                           
                          Current Boot Mode: Normal
                          Scan Mode: Current user
                          Company Name Whitelist: On
                          Skip Microsoft Files: On
                          File Age = 90 Days
                          Output = Standard
                          Quick Scan
                           
                          ========== Processes (SafeList) ==========
                           
                          PRC - [2010/10/09 20:17:44 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
                          PRC - [2010/10/04 13:14:48 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
                          PRC - [2010/09/24 19:03:18 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
                          PRC - [2010/09/24 19:03:05 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
                          PRC - [2010/09/20 18:08:28 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
                          PRC - [2010/09/20 18:08:22 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
                          PRC - [2010/07/18 19:47:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
                          PRC - [2010/07/18 19:47:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
                          PRC - [2010/07/18 19:46:18 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
                          PRC - [2010/07/18 19:46:16 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
                          PRC - [2010/01/12 11:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
                          PRC - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
                          PRC - [2008/07/18 15:15:30 | 000,976,792 | ---- | M] (Propel Software Corporation) -- C:\Program Files\MTS Accelerator\PropelAC.exe
                          PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
                          PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
                          PRC - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
                          PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
                          PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
                          PRC - [2006/07/25 02:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
                          PRC - [2004/05/05 14:53:08 | 000,237,568 | ---- | M] (BTC) -- C:\Program Files\KMaestro\Kmaestro.exe
                          PRC - [2002/05/31 10:34:36 | 000,167,936 | ---- | M] () -- C:\WINDOWS\essspk.exe
                          PRC - [2002/05/20 09:17:08 | 000,086,016 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
                           
                           
                          ========== Modules (SafeList) ==========
                           
                          MOD - [2010/10/09 20:17:44 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
                          MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
                          MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
                          MOD - [2008/04/14 05:41:56 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
                          MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
                          MOD - [2004/04/13 16:58:58 | 000,018,476 | ---- | M] (BTC) -- C:\Program Files\KMaestro\HidKeybd.dll
                           
                           
                          ========== Win32 Services (SafeList) ==========
                           
                          SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
                          SRV - [2010/09/20 18:08:22 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
                          SRV - [2010/07/18 19:47:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
                          SRV - [2010/07/18 19:46:18 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
                          SRV - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
                          SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
                          SRV - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Running] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
                          SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
                          SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
                          SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
                           
                           
                          ========== Driver Services (SafeList) ==========
                           
                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbndis.sys -- (USBNDIS)
                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\nuvaudio.sys -- (nuvaudio)
                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\LMouKE.sys -- (LMouKE)
                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK)
                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachVc.sys -- (Dual Mode)
                          DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\DPCUSB.sys -- (DPCUSB)
                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys -- (CoachUsb)
                          DRV - [2010/09/27 01:45:14 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
                          DRV - [2010/09/27 01:45:14 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
                          DRV - [2010/09/27 01:45:13 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
                          DRV - [2010/07/18 19:48:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
                          DRV - [2010/07/18 19:46:17 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
                          DRV - [2010/06/03 08:24:56 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
                          DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
                          DRV - [2010/05/11 12:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
                          DRV - [2010/01/13 08:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
                          DRV - [2010/01/12 09:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
                          DRV - [2010/01/07 12:40:26 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
                          DRV - [2010/01/07 11:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
                          DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
                          DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
                          DRV - [2009/11/23 13:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
                          DRV - [2009/01/14 16:00:28 | 000,009,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
                          DRV - [2009/01/14 16:00:28 | 000,009,560 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
                          DRV - [2009/01/14 16:00:26 | 000,175,576 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
                          DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
                          DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
                          DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
                          DRV - [2008/03/10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys -- (SANDRA)
                          DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
                          DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
                          DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
                          DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
                          DRV - [2007/09/21 04:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
                          DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
                          DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
                          DRV - [2007/01/12 16:55:24 | 000,022,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
                          DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
                          DRV - [2006/10/17 20:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
                          DRV - [2006/04/13 14:09:00 | 000,204,160 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
                          DRV - [2005/07/08 16:40:42 | 000,260,144 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NuVision)
                          DRV - [2004/03/02 14:02:30 | 000,167,040 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
                          DRV - [2003/03/24 11:32:08 | 000,702,188 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es56hpi.sys -- (Edspport)
                          DRV - [2002/12/22 18:25:52 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
                          DRV - [2002/07/24 04:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
                          DRV - [2001/12/18 14:45:04 | 000,003,279 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD)
                          DRV - [2001/10/18 12:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)
                          DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
                          DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
                          DRV - [1998/02/23 17:56:50 | 000,031,104 | ---- | M] (Play Incorporated) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SNAPTHN.SYS -- (SnapTHN)
                           
                           
                          ========== Standard Registry (SafeList) ==========
                           
                           
                          ========== Internet Explorer ==========
                           
                           
                          IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
                          IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
                          IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
                          IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080
                           
                          ========== FireFox ==========
                           
                          FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"
                          FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
                          FF - prefs.js..browser.search.useDBForOrder: true
                          FF - prefs.js..browser.startup.homepage: "http://en.canoe.ca/home.html"
                          FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
                          FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
                          FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718
                          FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2008.5.13
                          FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:1.6.4
                          FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.13
                          FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
                          FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q="
                           
                          FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/24 19:05:39 | 000,000,000 | ---D | M]
                          FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
                          FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
                          FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/29 14:13:07 | 000,000,000 | ---D | M]
                          FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/05 13:21:09 | 000,000,000 | ---D | M]
                           
                          [2010/09/22 13:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions
                          [2010/09/22 13:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
                          [2010/10/09 03:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions
                          [2008/09/07 19:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected]
                          [2010/09/15 19:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\SearchHelper
                          [2008/05/27 22:59:05 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\dictionary.xml
                          [2010/09/15 19:51:59 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\GoogleFeed.xml
                          [2010/10/09 03:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
                          [2010/05/23 00:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                          [2010/08/21 02:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
                          [2008/12/20 00:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
                          [2008/12/21 14:43:06 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
                          [2008/12/21 14:43:06 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
                          [2008/12/21 14:43:06 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
                          [2008/12/21 14:43:06 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
                          [2008/12/21 14:43:07 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
                          [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
                          [2010/10/05 13:18:11 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
                           
                          O1 HOSTS File: ([2010/10/04 00:00:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                          O1 - Hosts: 127.0.0.1       localhost
                          O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
                          O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
                          O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                          O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\MTS Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation)
                          O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
                          O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
                          O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
                          O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
                          O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
                          O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
                          O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\KMaestro\Kmaestro.exe (BTC)
                          O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
                          O4 - HKLM..\Run: [EssSpkPhone] C:\WINDOWS\essspk.exe ()
                          O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
                          O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
                          O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
                          O4 - HKLM..\Run: [VTPreset] C:\WINDOWS\System32\VTPreset.exe (S3 Graphics, Inc.)
                          O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
                          O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
                          O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
                          O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
                          O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
                          O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
                          O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
                          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
                          O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\MTS Accelerator\pac-page.html ()
                          O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\MTS Accelerator\pac-image.html ()
                          O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                          O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
                          O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
                          O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
                          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
                          O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37623.4285648148 (Reg Error: Key error.)
                          O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
                          O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
                          O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
                          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
                          O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
                          O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
                          O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                          O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
                          O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
                          O24 - Desktop WallPaper: C:\WINDOWS\Preponvue2.bmp
                          O24 - Desktop BackupWallPaper: C:\WINDOWS\Preponvue2.bmp
                          O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                          O32 - HKLM CDRom: AutoRun - 1
                          O32 - AutoRun File - [2002/10/08 09:25:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                          O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                          O35 - HKLM\..comfile [open] -- "%1" %*
                          O35 - HKLM\..exefile [open] -- "%1" %*
                          O35 - HKCU\..exefile [open] -- "%1" %*
                          O37 - HKLM\...com [@ = comfile] -- "%1" %*
                          O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                          O37 - HKCU\...exe [@ = exefile] -- "%1" %*
                           
                          NetSvcs: 6to4 -  File not found
                          NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
                          NetSvcs: Ias -  File not found
                          NetSvcs: Iprip -  File not found
                          NetSvcs: Irmon -  File not found
                          NetSvcs: NWCWorkstation -  File not found
                          NetSvcs: Nwsapagent -  File not found
                          NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
                          NetSvcs: WmdmPmSp -  File not found
                           
                          MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cloudmark SpamNet for OE.lnk - Reg Error: Value error. - File not found
                          MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dpcstart.lnk - Reg Error: Value error. - File not found
                          MsConfig - StartUpFolder: C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^ClickTray Calendar.lnk - Reg Error: Value error. - File not found
                          MsConfig - State: "system.ini" - 0
                          MsConfig - State: "win.ini" - 0
                          MsConfig - State: "bootini" - 0
                          MsConfig - State: "services" - 0
                          MsConfig - State: "startup" - 0
                           
                          SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
                          SafeBootMin: Base - Driver Group
                          SafeBootMin: Boot Bus Extender - Driver Group
                          SafeBootMin: Boot file system - Driver Group
                          SafeBootMin: File system - Driver Group
                          SafeBootMin: Filter - Driver Group
                          SafeBootMin: PCI Configuration - Driver Group
                          SafeBootMin: PEVSystemStart - Service
                          SafeBootMin: PNP Filter - Driver Group
                          SafeBootMin: Primary disk - Driver Group
                          SafeBootMin: procexp90.Sys - Driver
                          SafeBootMin: SCSI Class - Driver Group
                          SafeBootMin: sermouse.sys - Driver
                          SafeBootMin: System Bus Extender - Driver Group
                          SafeBootMin: vds - Service
                          SafeBootMin: vga.sys - Driver
                          SafeBootMin: WdfLoadGroup -
                          SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
                          SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
                          SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
                          SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
                          SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
                          SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
                          SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
                          SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
                          SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
                          SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
                          SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
                          SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
                          SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
                          SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
                           
                          SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
                          SafeBootNet: Base - Driver Group
                          SafeBootNet: Boot Bus Extender - Driver Group
                          SafeBootNet: Boot file system - Driver Group
                          SafeBootNet: File system - Driver Group
                          SafeBootNet: Filter - Driver Group
                          SafeBootNet: hitmanpro35 - Reg Error: Value error.
                          SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
                          SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
                          SafeBootNet: NDIS Wrapper - Driver Group
                          SafeBootNet: NetBIOSGroup - Driver Group
                          SafeBootNet: NetDDEGroup - Driver Group
                          SafeBootNet: Network - Driver Group
                          SafeBootNet: NetworkProvider - Driver Group
                          SafeBootNet: PCI Configuration - Driver Group
                          SafeBootNet: PEVSystemStart - Service
                          SafeBootNet: PNP Filter - Driver Group
                          SafeBootNet: PNP_TDI - Driver Group
                          SafeBootNet: Primary disk - Driver Group
                          SafeBootNet: procexp90.Sys - Driver
                          SafeBootNet: SCSI Class - Driver Group
                          SafeBootNet: sermouse.sys - Driver
                          SafeBootNet: Streams Drivers - Driver Group
                          SafeBootNet: System Bus Extender - Driver Group
                          SafeBootNet: TDI - Driver Group
                          SafeBootNet: vga.sys - Driver
                          SafeBootNet: WdfLoadGroup -
                          SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
                          SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
                          SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
                          SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
                          SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
                          SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
                          SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
                          SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
                          SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
                          SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
                          SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
                          SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
                          SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
                          SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
                          SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
                          SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
                          SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
                           
                          ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
                          ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
                          ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
                          ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
                          ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
                          ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
                          ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
                          ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
                          ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
                          ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
                          ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
                          ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
                          ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
                          ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
                          ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
                          ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
                          ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
                          ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
                          ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
                          ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
                          ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
                          ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
                          ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
                          ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
                          ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
                          ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
                          ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
                          ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
                          ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
                          ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
                          ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
                          ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
                          ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
                          ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
                          ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
                          ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
                          ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
                          ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
                          ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
                          ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
                          ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
                          ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
                          ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
                          ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
                          ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
                          ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
                          ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
                          ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
                          ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
                          ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
                          ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
                          ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
                          ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
                          ActiveX: {F9C174E3-3E87-40bc-AA94-B8974F2B9222} - Q813489
                          ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
                          ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
                          ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
                          ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
                          ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
                          ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
                           
                          Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
                          Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\Vio\DVACM.acm ()
                          Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
                          Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
                          Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
                          Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
                          Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
                          Drivers32: MSVIDEO - C:\WINDOWS\System32\SnapVNT.drv (Play Incorporated)
                          Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
                          Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
                          Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
                          Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
                          Drivers32: VIDC.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
                          Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
                          Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
                          Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
                          Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
                          Drivers32: VIDC.LAGS - C:\WINDOWS\System32\lagarith.dll ( )
                          Drivers32: VIDC.MJPG - C:\Program Files\Common Files\Pegasus Imaging\pvmjpg40.dll (Accusoft Pegasus)
                          Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
                          Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
                          Drivers32: VIDC.NTN1 - C:\WINDOWS\System32\nuvision.ax (Zoran Ltd.)
                          Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvid.dll ()
                          Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
                          Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
                           
                          ========== Files/Folders - Created Within 90 Days ==========
                           
                          [2010/10/09 20:15:07 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
                          [2010/10/09 15:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\remove-tdss-tdl3-alureon-rootkit-using-tdsskiller_files
                          [2010/10/06 19:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
                          [2010/10/06 00:33:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
                          [2010/10/06 00:02:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
                          [2010/10/05 23:03:20 | 000,000,000 | ---D | C] -- C:\ViewPro
                          [2010/10/05 13:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
                          [2010/10/03 23:37:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
                          [2010/10/03 23:13:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
                          [2010/10/03 23:13:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
                          [2010/10/03 22:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\New Folder
                          [2010/09/30 20:34:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne\Recent
                          [2010/09/29 14:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
                          [2010/09/26 15:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
                          [2010/09/26 15:46:02 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
                          [2010/09/26 15:46:02 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
                          [2010/09/26 15:45:54 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
                          [2010/09/26 15:44:31 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
                          [2010/09/26 15:44:31 | 000,058,816 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
                          [2010/09/26 15:44:31 | 000,032,680 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
                          [2010/09/26 15:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
                          [2010/09/26 15:44:28 | 000,115,216 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
                          [2010/09/26 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
                          [2010/09/26 04:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
                          [2010/09/25 10:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
                          [2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
                          [2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
                          [2010/09/25 00:00:27 | 000,000,000 | ---D | C] -- C:\671feffc3b70b88a397bd6f620fbac40
                          [2010/09/24 11:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
                          [2010/09/24 10:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\RegRun2
                          [2010/09/23 20:33:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
                          [2010/09/23 20:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
                          [2010/09/23 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
                          [2010/09/21 01:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
                          [2010/09/20 18:08:16 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
                          [2010/09/20 18:08:16 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
                          [2010/09/20 18:08:16 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
                          [2010/09/20 18:08:14 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
                          [2010/09/20 18:08:14 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
                          [2010/09/20 18:08:14 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
                          [2010/09/20 18:08:14 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
                          [2010/09/20 18:08:14 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
                          [2010/09/20 18:08:12 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
                          [2010/09/20 18:08:12 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
                          [2010/09/20 18:08:12 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
                          [2010/09/20 18:08:12 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
                          [2010/09/15 19:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
                          [2010/08/19 17:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\.gimp-2.6
                          [2010/08/19 17:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\gegl-0.0
                          [2010/08/19 17:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
                          [2010/07/31 10:54:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
                          [2010/07/31 10:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Leadertech
                          [2010/07/31 09:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
                          [2010/07/31 09:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
                          [2010/07/30 16:35:08 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
                          [2010/07/30 16:35:08 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
                          [2010/07/30 12:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\XviD
                          [2010/07/30 12:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
                          [2010/07/30 12:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
                          [2010/07/30 12:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
                          [2010/07/29 22:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\FinalBurner
                          [2010/07/29 22:34:02 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
                          [2010/07/29 21:02:54 | 000,000,000 | ---D | C] -- C:\videodvdmaker
                          [2010/07/29 20:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Video DVD Maker
                          [2010/07/29 10:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\DVD Flick
                          [2010/07/29 10:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
                          [2010/07/28 23:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\GFDOutDir
                          [2010/07/27 20:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema
                          [2010/07/26 21:32:05 | 000,000,000 | ---D | C] -- C:\Temp
                          [2010/07/26 21:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\.thumb
                          [2010/07/26 21:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\DVDStyler
                          [2010/07/18 19:47:58 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
                          [2010/07/13 01:06:50 | 000,000,000 | ---D | C] -- C:\DECCHECK
                          [2010/07/12 13:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
                          [2010/07/12 11:47:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
                          [2010/07/12 11:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
                          [2010/07/12 01:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
                          [2010/07/12 01:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
                          [2010/07/12 01:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\msn
                          [2010/07/12 01:33:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
                          [2010/07/12 01:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
                          [2010/07/12 01:27:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
                          [2010/07/12 01:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
                          [2010/05/26 00:21:38 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
                          [2001/07/06 16:59:54 | 000,372,736 | ---- | C] (Ed Halley - http://www.halley.cc/stuff/) -- C:\Program Files\Dragnifier.exe
                          [943 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                          [24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
                          [15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                          [126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
                           
                          ========== Files - Modified Within 90 Days ==========
                           
                          [2010/10/09 20:17:44 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
                          [2010/10/09 15:35:18 | 000,000,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
                          [2010/10/09 15:34:41 | 000,000,339 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
                          [2010/10/09 15:07:29 | 000,035,368 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\remove-tdss-tdl3-alureon-rootkit-using-tdsskiller.htm
                          [2010/10/09 12:17:51 | 065,803,277 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
                          [2010/10/09 11:18:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                          [2010/10/09 11:17:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
                          [2010/10/09 11:17:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                          [2010/10/09 11:16:04 | 017,825,792 | ---- | M] () -- C:\Documents and Settings\Wayne\ntuser.dat
                          [2010/10/09 11:15:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wayne\ntuser.ini
                          [2010/10/08 14:27:04 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\gmer.zip
                          [2010/10/08 14:12:56 | 000,081,069 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\aptera-electric-car.jpg
                          [2010/10/08 12:36:21 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue2.bmp
                          [2010/10/08 00:49:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue.bmp
                          [2010/10/07 18:05:51 | 000,736,854 | ---- | M] () -- C:\WINDOWS\EmmaB.bmp
                          [2010/10/07 14:39:21 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Alicia2.bmp
                          [2010/10/07 00:23:32 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue2.bmp
                          [2010/10/06 19:37:43 | 000,629,057 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\RkU3.8.388.590.rar
                          [2010/10/06 13:06:11 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue.bmp
                          [2010/10/05 23:56:46 | 000,002,297 | ---- | M] () -- C:\WINDOWS\system.ini
                          [2010/10/05 17:46:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue2.bmp
                          [2010/10/05 15:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                          [2010/10/05 14:22:00 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue.bmp
                          [2010/10/05 13:21:29 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
                          [2010/10/04 00:00:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                          [2010/10/03 23:37:58 | 000,000,337 | RHS- | M] () -- C:\boot.ini
                          [2010/10/01 23:35:41 | 000,960,054 | ---- | M] () -- C:\WINDOWS\Bugatti.bmp
                          [2010/10/01 14:35:35 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk
                          [2010/09/30 17:48:29 | 000,979,254 | ---- | M] () -- C:\WINDOWS\ssc-ultimate-aero.bmp
                          [2010/09/30 11:42:57 | 001,274,454 | ---- | M] () -- C:\WINDOWS\Roadster2.bmp
                          [2010/09/30 10:31:47 | 001,200,054 | ---- | M] () -- C:\WINDOWS\Saleen_S7.bmp
                          [2010/09/30 08:43:24 | 001,440,054 | ---- | M] () -- C:\WINDOWS\car0.bmp
                          [2010/09/29 14:13:10 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
                          [2010/09/25 14:34:23 | 003,181,242 | -H-- | M] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\IconCache.db
                          [2010/09/24 18:39:07 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
                          [2010/09/24 11:26:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
                          [2010/09/24 11:26:37 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
                          [2010/09/24 11:26:37 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
                          [2010/09/23 20:33:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
                          [2010/09/23 17:00:03 | 001,440,998 | ---- | M] () -- C:\WINDOWS\car00.bmp
                          [2010/09/20 18:08:16 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
                          [2010/09/20 18:08:16 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
                          [2010/09/20 18:08:16 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
                          [2010/09/20 18:08:14 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
                          [2010/09/20 18:08:14 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
                          [2010/09/20 18:08:14 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
                          [2010/09/20 18:08:14 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
                          [2010/09/20 18:08:14 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
                          [2010/09/20 18:08:12 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
                          [2010/09/20 18:08:12 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
                          [2010/09/20 18:08:12 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
                          [2010/09/20 18:08:12 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
                          [2010/09/20 17:17:05 | 001,296,998 | ---- | M] () -- C:\WINDOWS\car10.bmp
                          [2010/09/20 14:56:40 | 001,440,998 | ---- | M] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp
                          [2010/09/19 14:45:35 | 000,016,826 | -H-- | M] () -- C:\WINDOWS\vuepro32.GID
                          [2010/09/18 15:12:24 | 001,121,798 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron2.bmp
                          [2010/09/18 14:45:20 | 000,896,198 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron.bmp
                          [2010/09/18 02:11:51 | 001,356,054 | ---- | M] () -- C:\WINDOWS\McLaren2.bmp
                          [2010/09/18 01:39:44 | 001,083,398 | ---- | M] () -- C:\WINDOWS\McLaren3.bmp
                          [2010/09/12 15:54:42 | 001,440,054 | ---- | M] () -- C:\WINDOWS\carmen2.bmp
                          [2010/09/12 15:54:13 | 001,440,054 | ---- | M] () -- C:\WINDOWS\carmen.bmp
                          [2010/09/12 02:52:36 | 001,275,398 | ---- | M] () -- C:\WINDOWS\car5.bmp
                          [2010/09/10 15:02:58 | 001,016,198 | ---- | M] () -- C:\WINDOWS\car4.bmp
                          [2010/09/10 14:47:53 | 001,275,398 | ---- | M] () -- C:\WINDOWS\car3.bmp
                          [2010/09/09 13:14:33 | 000,004,681 | ---- | M] () -- C:\Documents and Settings\Wayne\.recently-used.xbel
                          [2010/09/07 14:21:59 | 000,063,109 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Puppy2.jpg
                          [2010/09/01 20:40:00 | 000,878,454 | ---- | M] () -- C:\WINDOWS\car.bmp
                          [2010/08/31 13:32:29 | 001,440,054 | ---- | M] () -- C:\WINDOWS\1982_lamborghini.bmp
                          [2010/08/31 13:18:53 | 000,050,502 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\slutclass3.jpg
                          [2010/08/28 21:40:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\vuesav32.ini
                          [2010/08/19 17:54:52 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
                          [2010/08/18 18:12:33 | 001,413,654 | ---- | M] () -- C:\WINDOWS\Murcielago.bmp
                          [2010/08/16 18:01:06 | 000,444,932 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Puppy.jpg
                          [2010/08/14 00:04:33 | 000,658,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
                          [2010/08/12 15:45:04 | 000,001,248 | ---- | M] () -- C:\WINDOWS\goldwave.ini
                          [2010/08/04 21:33:52 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
                          [2010/08/04 21:33:52 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
                          [2010/07/31 15:25:12 | 000,001,140 | ---- | M] () -- C:\WINDOWS\win.ini
                          [2010/07/31 09:43:56 | 000,004,673 | ---- | M] () -- C:\WINDOWS\WININIT.INI
                          [2010/07/31 09:40:15 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
                          [2010/07/27 20:04:31 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic - Home Cinema.lnk
                          [2010/07/25 02:10:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
                          [2010/07/24 18:52:58 | 000,254,632 | ---- | M] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                          [2010/07/24 09:58:52 | 000,000,014 | ---- | M] () -- C:\Documents and Settings\Wayne\My Documents\PDVD_MediaDisc.PlayList
                          [2010/07/22 23:00:44 | 000,173,056 | ---- | M] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                          [2010/07/18 19:48:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
                          [2010/07/18 19:47:58 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
                          [2010/07/18 19:46:17 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
                          [2010/07/12 13:46:00 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
                          [2010/07/12 13:45:27 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
                          [2010/07/12 13:43:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
                          [2010/07/12 13:43:59 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
                          [2010/07/12 13:38:01 | 000,465,086 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
                          [2010/07/12 13:38:01 | 000,402,610 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
                          [2010/07/12 13:38:01 | 000,055,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
                          [2010/07/12 11:54:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
                          [943 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                          [15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                          [126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
                           
                          ========== Files Created - No Company Name ==========
                           
                          [2010/10/09 15:07:27 | 000,035,368 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\remove-tdss-tdl3-alureon-rootkit-using-tdsskiller.htm
                          [2010/10/09 11:18:57 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
                          [2010/10/09 02:27:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\gmer.exe
                          [2010/10/08 14:26:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\gmer.zip
                          [2010/10/08 14:12:56 | 000,081,069 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\aptera-electric-car.jpg
                          [2010/10/08 01:02:05 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Preponvue2.bmp
                          [2010/10/07 14:50:51 | 000,736,854 | ---- | C] () -- C:\WINDOWS\EmmaB.bmp
                          [2010/10/07 14:18:08 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Alicia2.bmp
                          [2010/10/07 00:23:32 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue2.bmp
                          [2010/10/06 19:36:33 | 000,629,057 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\RkU3.8.388.590.rar
                          [2010/10/05 22:03:47 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue.bmp
                          [2010/10/05 18:59:39 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Preponvue.bmp
                          [2010/10/04 19:47:56 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue2.bmp
                          [2010/10/03 23:37:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
                          [2010/10/03 23:13:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
                          [2010/10/03 23:13:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
                          [2010/10/03 23:13:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
                          [2010/10/03 03:02:05 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue.bmp
                          [2010/10/01 14:35:35 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk
                          [2010/09/28 18:29:34 | 001,274,454 | ---- | C] () -- C:\WINDOWS\Roadster2.bmp
                          [2010/09/26 15:46:02 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
                          [2010/09/26 15:46:02 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
                          [2010/09/26 15:45:54 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
                          [2010/09/26 15:44:31 | 000,007,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat
                          [2010/09/26 15:44:31 | 000,007,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-DNS.cat
                          [2010/09/26 15:44:28 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplfw.cat
                          [2010/09/24 10:57:40 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
                          [2010/09/23 20:26:06 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
                          [2010/09/23 17:00:03 | 001,440,998 | ---- | C] () -- C:\WINDOWS\car00.bmp
                          [2010/09/22 12:54:42 | 001,440,054 | ---- | C] () -- C:\WINDOWS\car0.bmp
                          [2010/09/20 17:17:05 | 001,296,998 | ---- | C] () -- C:\WINDOWS\car10.bmp
                          [2010/09/20 14:56:40 | 001,440,998 | ---- | C] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp
                          [2010/09/18 15:12:25 | 001,121,798 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron2.bmp
                          [2010/09/18 14:45:20 | 000,896,198 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron.bmp
                          [2010/09/18 01:39:44 | 001,083,398 | ---- | C] () -- C:\WINDOWS\McLaren3.bmp
                          [2010/09/18 01:06:40 | 001,356,054 | ---- | C] () -- C:\WINDOWS\McLaren2.bmp
                          [2010/09/12 15:54:42 | 001,440,054 | ---- | C] () -- C:\WINDOWS\carmen2.bmp
                          [2010/09/12 02:52:36 | 001,275,398 | ---- | C] () -- C:\WINDOWS\car5.bmp
                          [2010/09/10 15:02:58 | 001,016,198 | ---- | C] () -- C:\WINDOWS\car4.bmp
                          [2010/09/10 14:47:53 | 001,275,398 | ---- | C] () -- C:\WINDOWS\car3.bmp
                          [2010/09/09 13:14:33 | 000,004,681 | ---- | C] () -- C:\Documents and Settings\Wayne\.recently-used.xbel
                          [2010/09/07 14:21:59 | 000,063,109 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Puppy2.jpg
                          [2010/08/31 01:47:35 | 001,440,054 | ---- | C] () -- C:\WINDOWS\1982_lamborghini.bmp
                          [2010/08/19 17:54:52 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
                          [2010/08/18 18:25:45 | 002,311,601 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\ENGLISH.pdf
                          [2010/08/11 17:37:06 | 000,960,054 | ---- | C] () -- C:\WINDOWS\Bugatti.bmp
                          [2010/07/31 09:40:15 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
                          [2010/07/29 08:00:47 | 017,825,792 | ---- | C] () -- C:\Documents and Settings\Wayne\ntuser.dat
                          [2010/07/27 20:04:31 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic - Home Cinema.lnk
                          [2010/07/24 11:30:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.cpl
                          [2010/07/12 13:46:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
                          [2010/07/12 13:45:27 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
                          [2010/05/26 00:36:35 | 000,000,085 | ---- | C] () -- C:\WINDOWS\lagarith.ini
                          [2010/05/10 22:47:00 | 000,000,090 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
                          [2010/04/21 22:46:50 | 000,000,568 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
                          [2010/01/17 03:44:57 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
                          [2010/01/17 03:44:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
                          [2010/01/17 03:44:54 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
                          [2010/01/17 03:44:54 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
                          [2010/01/17 03:44:51 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
                          [2010/01/17 03:44:51 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
                          [2009/12/15 00:38:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
                          [2009/08/01 20:55:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
                          [2009/08/01 20:55:29 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\KPSYS32.DLL
                          [2008/05/30 13:31:47 | 007,151,616 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
                          [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
                          [2007/02/11 16:39:25 | 000,004,535 | ---- | C
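Reading an OTL "Files Created" listing like the one above by hand is slow. The Python below is an added example (my code, not part of this thread and not part of the OTL tool): it parses entries in the format OTL prints, `[date | size | attrs | C] (Company) -- path`, and also accepts the `MD5=` field OTL adds in its custom-scan blocks. It then flags the entries a malware-removal helper looks at first: executable file types dropped under C:\WINDOWS, with no company string, created within a window before the symptoms began. The sample lines are copied from the log above; the onset date (2010-10-01, the date of the opening post) and the 90-day window are assumptions.

```python
"""Triage of OTL "Files Created" entries.

Added example, not from the thread or from the OTL tool. Each OTL file entry
has the shape

    [YYYY/MM/DD HH:MM:SS | 000,000,000 | ---- | C] (Company) -- C:\\path

where C marks a created file, M a modified one, and the parentheses carry the
file's company/version string (empty when the file carries none).
"""
import re
from datetime import datetime, timedelta

# One OTL file entry. The optional MD5= field appears only in the
# "< MD5 for: ... >" custom-scan blocks.
ENTRY_RE = re.compile(
    r"^\s*\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-\w]{4}) \| ([CM])\] "
    r"\((.*?)\)(?: MD5=([0-9A-F]{32}))? -- (.+?)\s*$"
)

# File types that execute code when loaded; these get priority in triage.
BINARY_EXTS = (".exe", ".dll", ".sys", ".cpl", ".drv", ".ocx", ".scr")

# Assumption: symptoms began a few weeks before the opening post (2010-10-01),
# so the search window is counted back from that date.
SYMPTOM_ONSET = datetime(2010, 10, 1)

# Sample input copied from the log above (a handful of lines, not the full listing).
SAMPLE_LINES = [
    r"[2010/08/31 01:47:35 | 001,440,054 | ---- | C] () -- C:\WINDOWS\1982_lamborghini.bmp",
    r"[2010/08/19 17:54:52 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk",
    r"[2010/07/24 11:30:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.cpl",
    r"[2010/07/12 13:46:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat",
    r"[2010/01/17 03:44:57 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll",
    r"[2009/08/01 20:55:29 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\KPSYS32.DLL",
    r"[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys",
    "========== LOP Check ==========",
]


def parse_entry(line):
    """Parse one OTL file entry; return None for section headers and other lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    ts, size, attrs, kind, company, md5, path = m.groups()
    return {
        "time": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
        "size": int(size.replace(",", "")),
        "attrs": attrs,
        "kind": kind,               # "C" created, "M" modified
        "company": company.strip(),  # empty string when OTL printed "()"
        "md5": md5,                  # None outside the MD5 custom-scan blocks
        "path": path,
    }


def is_binary(path):
    """True for file types that execute code when loaded."""
    return path.lower().endswith(BINARY_EXTS)


def suspicious_entries(lines, onset=SYMPTOM_ONSET, window_days=90):
    """Created binaries under C:\\WINDOWS with no company string, dated within
    window_days before onset. These are candidates for a hash lookup, not verdicts."""
    earliest = onset - timedelta(days=window_days)
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e["kind"] != "C":
            continue
        if (e["path"].lower().startswith("c:\\windows\\")
                and is_binary(e["path"])
                and not e["company"]
                and earliest <= e["time"] <= onset):
            hits.append(e)
    return hits


def triage_sample():
    """Run the triage over the embedded sample; returns the flagged paths."""
    return [e["path"] for e in suspicious_entries(SAMPLE_LINES)]


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_LINES):
        print(e["time"].date(), e["size"], e["path"])
```

A hit is something to look up (hash, publisher, install date against the Add/Remove Programs list), not a verdict: on this sample the only hit is ac3filter.cpl, the control-panel applet of the AC3Filter audio codec, which is exactly the kind of unsigned but legitimate file that turns up in these listings. Widen the window or drop the company filter if the onset date is uncertain.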

                            jwfilion

                            Re: Please help, being hijacked while web surfing...
                            « Reply #26 on: October 09, 2010, 08:43:17 PM »
                            [2007/02/11 16:39:25 | 000,004,535 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
                            [2007/02/07 00:58:00 | 000,000,846 | ---- | C] () -- C:\WINDOWS\xxclone.ini
                            [2005/05/20 13:25:42 | 000,000,339 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
                            [2005/05/16 19:40:23 | 000,000,433 | ---- | C] () -- C:\WINDOWS\System32\imgdatwin.dll
                            [2005/05/16 19:40:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\imgstpath.dll
                            [2005/05/16 19:39:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\LtDlgRes14n.dll
                            [2005/05/08 19:17:22 | 000,024,575 | ---- | C] () -- C:\WINDOWS\System32\Winapppiobas50.dll
                            [2005/05/08 19:16:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
                            [2005/05/08 19:16:01 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
                            [2004/09/30 18:23:07 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
                            [2004/09/30 18:15:44 | 000,000,440 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
                            [2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
                            [2004/09/06 19:04:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
                            [2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
                            [2004/08/27 01:00:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\POSTER.INI
                            [2004/08/19 16:33:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
                            [2004/07/13 12:12:22 | 000,000,583 | ---- | C] () -- C:\WINDOWS\videoimp.ini
                            [2004/04/06 14:28:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\sversion.ini
                            [2004/04/01 12:40:14 | 000,000,263 | ---- | C] () -- C:\WINDOWS\phedit.ini
                            [2004/03/24 15:52:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\jppc.INI
                            [2004/03/19 15:36:51 | 002,270,720 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll
                            [2004/03/19 15:36:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\LFTIF60N.DLL
                            [2004/03/19 15:36:51 | 000,043,008 | ---- | C] () -- C:\WINDOWS\LTFIL60N.DLL
                            [2004/03/19 15:36:51 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFTGA60N.DLL
                            [2004/03/19 15:36:50 | 000,141,824 | ---- | C] () -- C:\WINDOWS\LFCMP60N.DLL
                            [2004/03/19 15:36:50 | 000,110,080 | ---- | C] () -- C:\WINDOWS\LFPNG60N.DLL
                            [2004/03/19 15:36:50 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFPCX60N.DLL
                            [2004/03/19 15:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFGIF60N.DLL
                            [2004/03/19 15:36:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LFPSD60N.DLL
                            [2004/03/19 15:36:50 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFRAS60N.DLL
                            [2004/03/19 15:36:18 | 000,399,350 | ---- | C] () -- C:\WINDOWS\ACCUGLD5.DLL
                            [2004/03/19 15:36:18 | 000,026,233 | ---- | C] () -- C:\WINDOWS\ACCUIFGL.DLL
                            [2004/02/09 04:25:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
                            [2003/11/08 18:43:56 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
                            [2003/07/12 14:19:54 | 000,000,107 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI
                            [2003/05/14 21:48:41 | 000,000,300 | ---- | C] () -- C:\WINDOWS\vuesav32.ini
                            [2003/05/14 11:03:50 | 000,004,673 | ---- | C] () -- C:\WINDOWS\WININIT.INI
                            [2003/02/08 21:41:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cosdtp.ini
                            [2003/01/07 00:06:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Magic40.INI
                            [2003/01/01 22:39:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
                            [2002/12/23 17:11:27 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
                            [2002/12/23 17:11:26 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
                            [2002/12/22 20:46:27 | 000,006,592 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
                            [2002/12/22 20:46:27 | 000,001,248 | ---- | C] () -- C:\WINDOWS\goldwave.ini
                            [2002/12/22 18:25:52 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
                            [2002/12/21 20:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
                            [2002/12/21 15:19:17 | 000,007,411 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
                            [2002/12/19 15:56:11 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
                            [2002/12/19 15:04:25 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
                            [2002/12/19 15:04:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
                            [2002/12/19 15:04:25 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
                            [2002/12/19 15:04:02 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
                            [2002/12/19 00:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
                            [2002/12/19 00:52:36 | 000,001,871 | ---- | C] () -- C:\WINDOWS\mp3maker.INI
                            [2002/12/19 00:50:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
                            [2002/12/18 15:13:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dpcnav.INI
                            [2002/12/18 15:05:00 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\inavevnt.dll
                            [2002/12/17 19:49:46 | 000,000,896 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
                            [2002/12/17 19:49:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
                            [2002/12/17 00:20:57 | 000,001,952 | ---- | C] () -- C:\WINDOWS\SCANFX.INI
                            [2002/12/15 20:17:09 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                            [2002/10/30 15:49:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
                            [2002/10/08 11:02:24 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
                            [2002/09/10 10:10:05 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
                            [2001/07/06 23:47:50 | 000,003,149 | ---- | C] () -- C:\Program Files\ReadMe.txt
                            [1999/10/06 17:48:28 | 000,016,476 | ---- | C] () -- C:\WINDOWS\System32\Snapv16.drv
                             
                            ========== LOP Check ==========
                             
                            [2009/11/18 12:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
                            [2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
                            [2010/09/23 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
                            [2009/01/08 23:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
                            [2009/07/20 23:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
                            [2008/05/31 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
                            [2009/07/03 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
                            [2010/10/09 20:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
                            [2010/10/09 11:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                            [2010/05/03 14:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
                            [2004/09/30 18:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
                            [2008/08/08 16:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
                            [2006/11/27 21:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\101 Software
                            [2010/06/06 19:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\DeepBurner
                            [2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\eBay
                            [2008/02/19 17:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Forte
                            [2009/04/01 02:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit
                            [2010/10/05 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
                            [2009/03/07 02:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\GrabPro
                            [2010/09/09 13:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\gtk-2.0
                            [2009/04/24 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\hott notes 4
                            [2010/02/18 22:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\ImTOO Software Studio
                            [2008/09/22 15:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\IrfanView
                            [2009/05/01 13:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\K-Meleon
                            [2010/07/31 10:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leadertech
                            [2010/01/18 23:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leawo
                            [2006/11/28 09:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\M8 Software
                            [2008/01/25 12:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\MP3Rocket
                            [2010/05/24 15:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Opera
                            [2009/03/07 03:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Orbit
                            [2010/09/26 15:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
                            [2010/01/13 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Pegasys Inc
                            [2010/05/11 05:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\STOIK
                            [2010/09/22 13:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Thunderbird
                            [2010/05/03 17:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Trusteer
                            [2002/12/18 03:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Ulead Systems
                            [2008/12/24 01:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\XnView
                             
                            ========== Purity Check ==========
                             
                             
                             
                            ========== Custom Scans ==========
                             
                             
                            < %SYSTEMDRIVE%\*.exe >
                             
                            < %systemroot%\*. /mp /s >
                             
                            < c:\$recycle.bin\*.* /s >
                             
                            < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-29 23:45:45
                             
                             
                            < MD5 for: AGP440.SYS  >
                            [2004/10/07 21:22:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
                            [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
                            [2004/10/07 21:22:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
                            [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
                            [2008/10/01 13:04:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
                            [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
                            [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
                            [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
                            [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
                            [2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
                             
                            < MD5 for: ATAPI.SYS  >
                            [2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
                            [2004/10/07 21:22:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
                            [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
                            [2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
                            [2004/10/07 21:22:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
                            [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
                            [2008/10/01 13:04:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
                            [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
                            [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
                            [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
                            [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
                            [2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
                             
                            < MD5 for: AUTOCHK.EXE  >
                            [2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
                            [2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
                            [2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\autochk.exe
                            [2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
                            [2004/08/04 02:56:47 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
                             
                            < MD5 for: BEEP.SYS  >
                            [2001/08/18 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
                            [2001/08/18 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
                            [2001/08/18 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
                             
                            < MD5 for: EVENTLOG.DLL  >
                            [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
                            [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
                            [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
                            [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
                            [2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
                             
                            < MD5 for: EXPLORER.EXE  >
                            [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
                            [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
                            [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
                            [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
                            [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
                            [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
                            [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
                             
                            < MD5 for: IMM32.DLL  >
                            [2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
                            [2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
                            [2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
                            [2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
                            [2004/08/04 02:56:42 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
                             
                            < MD5 for: KERNEL32.DLL  >
                            [2007/04/16 11:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
                            [2006/07/05 05:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
                            [2009/03/21 08:54:07 | 000,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
                            [2004/08/04 02:56:42 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
                            [2007/04/16 10:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtUninstallKB959426_0$\kernel32.dll
                            [2009/03/21 09:18:57 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
                            [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll
                            [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
                            [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
                            [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
                            [2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
                            [2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
                            [2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
                            [2006/07/05 05:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
                            [2009/03/21 08:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
                             
                            < MD5 for: MSWSOCK.DLL  >
                            [2008/06/20 12:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
                            [2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
                            [2004/08/04 02:56:44 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
                            [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
                            [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
                            [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
                            [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
                            [2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
                            [2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
                            [2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mswsock.dll
                            [2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
                             
                            < MD5 for: NDIS.SYS  >
                            [2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
                            [2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
                            [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
                            [2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
                            [2004/08/04 01:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
                             
                            < MD5 for: NETLOGON.DLL  >
                             
                            < %systemroot%\system32\*.dll /lockedfiles >
                            [943 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
                             
                            < %systemroot%\Tasks\*.job /lockedfiles >
                             
                            ========== Alternate Data Streams ==========
                             
                            @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
                            @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
                            @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
                            < End of report >
                            OTL Extras logfile created on: 10/9/2010 8:27:40 PM - Run 1
                            OTL by OldTimer - Version 3.2.14.1     Folder = C:\Documents and Settings\Wayne\Desktop
                            Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                            Internet Explorer (Version = 7.0.5730.11)
                            Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                             
                            2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
                            2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
                            Paging file location(s): C:\pagefile.sys 360 720 [binary data]
                             
                            %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                            Drive C: | 298.09 Gb Total Space | 262.56 Gb Free Space | 88.08% Space Free | Partition Type: NTFS
                            D: Drive not present or media not loaded
                            E: Drive not present or media not loaded
                            F: Drive not present or media not loaded
                            G: Drive not present or media not loaded
                            H: Drive not present or media not loaded
                            I: Drive not present or media not loaded
                             
                            Computer Name: OWNER-X35LSKRDA
                            Current User Name: Wayne
                            Logged in as Administrator.
                             
                            Current Boot Mode: Normal
                            Scan Mode: Current user
                            Company Name Whitelist: On
                            Skip Microsoft Files: On
                            File Age = 90 Days
                            Output = Standard
                            Quick Scan
                             
                            ========== Extra Registry (SafeList) ==========
                             
                             
                            ========== File Associations ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                            .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
                             
                            [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                             
                            ========== Shell Spawning ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                            batfile [open] -- "%1" %*
                            cmdfile [open] -- "%1" %*
                            comfile [open] -- "%1" %*
                            exefile [open] -- "%1" %*
                            htmlfile [edit] -- Reg Error: Key error.
                            http [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
                            https [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
                            piffile [open] -- "%1" %*
                            regfile [merge] -- Reg Error: Key error.
                            scrfile [config] -- "%1"
                            scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
                            scrfile [open] -- "%1" /S
                            txtfile [edit] -- Reg Error: Key error.
                            Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                            Directory [Browse with XnView] -- Reg Error: Value error.
                            Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                            Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)
                            Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)
                            Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)
                            Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                            Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                            Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                             
                            ========== Security Center Settings ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                            "AntiVirusDisableNotify" = 0
                            "FirewallDisableNotify" = 0
                            "AntiVirusOverride" = 0
                            "FirewallOverride" = 0
                            "UpdatesDisableNotify" = 1
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                             
                            ========== System Restore Settings ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                            "DisableSR" = 0
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                            "Start" = 0
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                            "Start" = 2
                             
                            ========== Firewall Settings ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                            "EnableFirewall" = 0
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                            "EnableFirewall" = 0
                            "DoNotAllowExceptions" = 0
                            "DisableNotifications" = 0
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                            "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
                            "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
                             
                            ========== Authorized Applications List ==========
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                             
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                            "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
                            "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
                            "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
                            "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)
                            "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
                            "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
                            "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
                            "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
                            "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
                            "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
                            "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
                             
                             
                            ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                             
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                            "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
                            "{0E66AFD6-5E76-4FDB-BB7B-05871F5CDFE3}" = ArcSoft ShowBiz DVD 2
                            "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
                            "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
                            "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
                            "{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
                            "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                            "{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
                            "{22DEF4A1-7A4E-42C8-BC27-6F14CA63E6FF}" = Accusoft PICVideo Motion JPEG 4
                            "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
                            "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
                            "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
                            "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
                            "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
                            "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
                            "{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
                            "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
                            "{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
                            "{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
                            "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                            "{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
                            "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
                            "{647AC9E7-F65F-45B6-ADB1-17786D222247}" = STOPzilla
                            "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
                            "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
                            "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
                            "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
                            "{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" =  Leawo AVI Converter version  2.2.0.2
                            "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
                            "{838F0053-8744-4B63-8819-CC44C06308AC}" = Visualizer Photo Resize
                            "{85F49DC5-81F1-11D5-B626-0010B5557563}" = Ulead DVD MovieFactory SE
                            "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
                            "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
                            "{9604876E-6DF3-11D9-9526-CC60569E6209}" = DupDetector
                            "{9C4DE53B-FF00-4213-9C7A-8771877CCA72}" = CSTDT600MA
                            "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
                            "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
                            "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
                            "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
                            "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
                            "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
                            "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
                            "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
                            "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
                            "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
                            "{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3
                            "{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB Video/Audio Device Driver
                            "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite XII.SP2c
                            "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
                            "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
                            "{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
                            "{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
                            "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
                            "{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.20)
                            "7-Zip" = 7-Zip 4.65
                            "A Simple Unit Converter_is1" = A Simple Unit Converter 0.97.00 Beta
                            "AbiWord2" = "AbiWord 2.0.6 (remove only)"
                            "AC3Filter" = AC3Filter (remove only)
                            "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                            "Adobe Shockwave Player" = Adobe Shockwave Player
                            "AltoMP3 Gold" = AltoMP3 Gold 5.20
                            "Audacity_is1" = Audacity 1.2.3
                            "AutoCAD R14.0 Uninstall" = AutoCAD R14.0
                            "AVG9Uninstall" = AVG Free 9.0
                            "Battle Master_is1" = Battle Master 2.0
                            "BtcMaestro" = KeyMaestro Input Device Driver V2.1.1-126A6 MUL
                            "CANONBJ_Deinstall" = BJ Printer Driver
                            "CCleaner" = CCleaner
                            "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
                            "Cool Timer_is1" = Cool Timer 3.6
                            "CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
                            "CutePDF Writer Installation" = CutePDF Writer 2.2
                            "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
                            "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
                            "DVD Flick_is1" = DVD Flick 1.3.0.7
                            "DVD Shrink_is1" = DVD Shrink 3.2
                            "DVDStyler_is1" = DVDStyler v1.8.1
                            "EndItAll_is1" = EndItAll 2.0
                            "ERUNT_is1" = ERUNT 1.1j
                            "ESET Online Scanner" = ESET Online Scanner v3
                            "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
                            "ffdshow" = ffdshow (remove only)
                            "Forte Agent" = Forté Agent
                            "Foxit PDF Editor" = Foxit PDF Editor
                            "Foxit Reader" = Foxit Reader
                            "Free Mp3/Wma/Ogg Converter_is1" = Free Mp3/Wma/Ogg Converter 4.0.1
                            "Free Video Converter_is1" = Free Video Converter V 1.0
                            "Free WMV to AVI MPEG Converter_is1" = Free WMV to AVI MPEG Converter v1.2
                            "GoldWave v4.26" = GoldWave v4.26
                            "HijackThis" = HijackThis 2.0.2
                            "HitmanPro35" = Hitman Pro 3.5
                            "hott notes 4" = hott notes 4
                            "HP Photo Imaging Software" = HP Photo Imaging Software
                            "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
                            "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
                            "ie7" = Windows Internet Explorer 7
                            "InstallShield_{22DEF4A1-7A4E-42C8-BC27-6F14CA63E6FF}" = Accusoft PICVideo Motion JPEG 4
                            "InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
                            "InstallShield_{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB Video/Audio Device Driver
                            "IrfanView" = IrfanView (remove only)
                            "KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
                            "LarrysAnyTextFileIndexer" = Larry's Any Text File Indexer
                            "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                            "MediaMonkey_is1" = MediaMonkey 3.1
                            "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
                            "MoffFreeCalc_is1" = Moffsoft FreeCalc
                            "MovieJoiner" = Movie Joiner
                            "Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
                            "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
                            "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
                            "MTS Accelerator" = MTS Accelerator
                            "Neat Video for VirtualDub_is1" = Neat Video v2.2 Home plug-in for VirtualDub
                            "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
                            "OneTouch Version 3.0" = OneTouch Version 3.0
                            "OpticPro Key" = OpticPro 4830P
                            "P4M266" = ProSavageDDR and Utilities
                            "PaperPort 7.02" = PaperPort 7.02
                            "PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
                            "POSTER_is1" = 7.9
                            "QuickPar" = QuickPar 0.9
                            "RealAlt_is1" = Real Alternative 1.9.0
                            "Revo Uninstaller" = Revo Uninstaller 1.88
                            "S3Display" = S3Display
                            "S3Gamma2" = S3Gamma2
                            "S3Info2" = S3Info2
                            "S3Overlay" = S3Overlay
                            "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
                            "Snowflakes_is1" = Snowflakes Screensaver
                            "SpywareBlaster_is1" = SpywareBlaster 4.4
                            "Super Video Joiner_is1" = Super Video Joiner 2.0
                            "Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 1.3.6
                            "UndeletePlus_is1" = Undelete Plus 2.94
                            "Unlocker" = Unlocker 1.8.7
                            "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
                            "VuePrint" = VuePrint
                            "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
                            "WIC" = Windows Imaging Component
                            "Windows Media Format Runtime" = Windows Media Format 11 runtime
                            "Windows Media Player" = Windows Media Player 11
                            "Windows XP Service Pack" = Windows XP Service Pack 3
                            "WinGimp-2.0_is1" = GIMP 2.6.10
                            "WinGTK-2_is1" = GTK+ 2.6.7 runtime environment
                            "WinPcapInst" = WinPcap 4.0.2
                            "WinRAR archiver" = WinRAR archiver
                            "WMFDist11" = Windows Media Format 11 runtime
                            "wmp11" = Windows Media Player 11
                            "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
                            "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
                            "XviD" = XviD MPEG-4 Codec
                            "XXClone" = XXClone  ver 0.58.0
                            "Yule Log" = Yule Log  Screen Saver
                             
                            ========== Last 10 Event Log Errors ==========
                             
                            [ Application Events ]
                            Error - 9/29/2010 7:33:25 PM | Computer Name = OWNER-X35LSKRDA | Source = HotFixInstaller | ID = 5000
                            Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb982865,
                             P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
                            0.
                             
                            Error - 9/29/2010 7:45:32 PM | Computer Name = OWNER-X35LSKRDA | Source = HotFixInstaller | ID = 5000
                            Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb983582,
                             P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
                            0.
                             
                            Error - 9/29/2010 7:45:43 PM | Computer Name = OWNER-X35LSKRDA | Source = HotFixInstaller | ID = 5000
                            Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb982865,
                             P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
                            0.
                             
                            Error - 9/30/2010 11:15:03 AM | Computer Name = OWNER-X35LSKRDA | Source = Ci | ID = 4128
                            Description = Error 2147942414 detected in content index on c:\system volume information\catalog.wci.
                             
                            Error - 9/30/2010 8:11:48 PM | Computer Name = OWNER-X35LSKRDA | Source = Application Error | ID = 1000
                            Description = Faulting application javara.exe, version 1.16.1.1763, faulting module
                             ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
                             
                            Error - 9/30/2010 8:12:17 PM | Computer Name = OWNER-X35LSKRDA | Source = Application Error | ID = 1001
                            Description = Fault bucket 1987575260.
                             
                            Error - 9/30/2010 9:47:45 PM | Computer Name = OWNER-X35LSKRDA | Source = Ci | ID = 4128
                            Description = Error 2147942414 detected in content index on c:\system volume information\catalog.wci.
                             
                            Error - 10/1/2010 3:32:19 PM | Computer Name = OWNER-X35LSKRDA | Source = Ci | ID = 4128
                            Description = Error 2147942414 detected in content index on c:\system volume information\catalog.wci.
                             
                            Error - 10/2/2010 10:58:24 AM | Computer Name = OWNER-X35LSKRDA | Source = Ci | ID = 4128
                            Description = Error 2147942414 detected in content index on c:\system volume information\catalog.wci.
                             
                            Error - 10/3/2010 12:31:36 PM | Computer Name = OWNER-X35LSKRDA | Source = Ci | ID = 4128
                            Description = Error 2147942414 detected in content index on c:\system volume information\catalog.wci.
                             
                            [ System Events ]
                            Error - 10/7/2010 1:06:46 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
                            Description = The following boot-start or system-start driver(s) failed to load:
                               viaagp  ViaIde
                             
                            Error - 10/8/2010 1:15:42 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7023
                            Description = The HID Input Service service terminated with the following error:
                               %%126
                             
                            Error - 10/8/2010 1:16:04 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
                            Description = The following boot-start or system-start driver(s) failed to load:
                               viaagp  ViaIde
                             
                            Error - 10/8/2010 3:35:57 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7000
                            Description = The afroruob service failed to start due to the following error:   %%2
                             
                            Error - 10/9/2010 3:08:10 AM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7023
                            Description = The HID Input Service service terminated with the following error:
                               %%126
                             
                            Error - 10/9/2010 3:08:26 AM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
                            Description = The following boot-start or system-start driver(s) failed to load:
                               viaagp  ViaIde
                             
                            Error - 10/9/2010 3:20:56 AM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7023
                            Description = The HID Input Service service terminated with the following error:
                               %%126
                             
                            Error - 10/9/2010 3:21:17 AM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
                            Description = The following boot-start or system-start driver(s) failed to load:
                               viaagp  ViaIde
                             
                            Error - 10/9/2010 12:17:53 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7023
                            Description = The HID Input Service service terminated with the following error:
                               %%126
                             
                            Error - 10/9/2010 12:18:15 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
                            Description = The following boot-start or system-start driver(s) failed to load:
                               viaagp  ViaIde
                             
                             
                            < End of report >
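The "Last 10 Event Log Errors" block above is the part of this report a responder reads first, because Service Control Manager errors name the exact services and drivers that are failing. As an added triage aid that is not part of the thread or of OTL, here is a Python parser for that block. It handles the format's wrapped descriptions (continuation lines begin with a space, entries are separated by a blank line, and a section label such as `[ System Events ]` can sit directly above the first entry), then counts which names the SCM reports as failing and how often. The sample input is excerpted from the report above; the parser only reports names, and whether a given name belongs to a legitimate service is something to check against services.msc and the Win32 Services list, not something the code decides.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Excerpt of the OTL event-log block above (constructed sample for this example).
SAMPLE_EVENT_LOG = """[ System Events ]
Error - 10/7/2010 1:06:46 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   viaagp  ViaIde

Error - 10/8/2010 1:15:42 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
   %%126

Error - 10/8/2010 3:35:57 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7000
Description = The afroruob service failed to start due to the following error:   %%2

Error - 10/9/2010 3:08:26 AM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   viaagp  ViaIde
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
SCM = "Service Control Manager"


def _entry_from_block(block: List[str]) -> Optional[Dict[str, object]]:
    """Turn one header line plus its wrapped description lines into a record."""
    m = HEADER_RE.match(block[0])
    if not m:
        return None  # a section label such as "[ System Events ]", not an entry
    desc = " ".join(block[1:])
    if desc.startswith("Description = "):
        desc = desc[len("Description = "):]
    return {
        "when": m["when"],
        "host": m["host"],
        "source": m["source"],
        "id": int(m["id"]),
        "description": desc,
    }


def parse_event_errors(text: str) -> List[Dict[str, object]]:
    """Parse every 'Error - ...' entry; a new header or a blank line ends a block."""
    entries: List[Dict[str, object]] = []
    block: List[str] = []
    for raw in text.splitlines() + [""]:  # trailing "" flushes the last block
        line = raw.strip()
        if not line or HEADER_RE.match(line):
            if block:
                entry = _entry_from_block(block)
                if entry:
                    entries.append(entry)
            block = []
        if line:
            block.append(line)
    return entries


def count_by_source_id(entries: List[Dict[str, object]]) -> Counter:
    """How many times each (Source, ID) pair appears."""
    return Counter((e["source"], e["id"]) for e in entries)


def scm_failed_names(entries: List[Dict[str, object]]) -> Counter:
    """Names of services/drivers the SCM reports as failing, with counts.
    7000 = service failed to start, 7023 = service terminated, 7026 = driver(s) failed to load."""
    names: Counter = Counter()
    for e in entries:
        if e["source"] != SCM:
            continue
        desc = str(e["description"])
        if e["id"] == 7000:
            m = re.match(r"The (.+?) service failed to start", desc)
            if m:
                names[m.group(1)] += 1
        elif e["id"] == 7023:
            m = re.match(r"The (.+?) service terminated", desc)
            if m:
                names[m.group(1)] += 1
        elif e["id"] == 7026:
            _, _, tail = desc.partition("failed to load:")
            names.update(tail.split())
    return names


if __name__ == "__main__":
    parsed = parse_event_errors(SAMPLE_EVENT_LOG)
    for (source, event_id), n in count_by_source_id(parsed).most_common():
        print(f"{n:3d}  {source} / {event_id}")
    for name, n in scm_failed_names(parsed).most_common():
        print(f"{n:3d}  {name}")
```

Run it on a saved OTL report by reading the file into `parse_event_errors`; the 7000/7023/7026 names it prints are the ones to look up, one at a time, in services.msc and in the report's own SRV and DRV sections.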

                            SuperDave (Malware Removal Specialist, Moderator)
                            Re: Please help, being hijacked while web surfing...
                            « Reply #27 on: October 10, 2010, 06:50:14 PM »
                            * Open OTL
                            * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                            Code:
                            :OTL
                            FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q="
                            O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
                            :Files
                            C:\Temp

                            :COMMANDS
                            [resethosts]
                            [purity]
                            [clearrestorepoints]
                            [emptytemp]
                            [start explorer]

                            * Click Run Fix
                            * OTLI2 may ask to reboot the machine. Please do so if asked.
                            * Click OK
                            * A report will open. Copy and Paste that report in your next reply.

                            Windows 8 and Windows 10 dual boot with two SSD's
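The two fix lines above target a Firefox `keyword.URL` override (what Firefox sends address-bar text to when it is not a URL) and the `[resethosts]` command rewrites the hosts file. Before letting a tool rewrite either, it is worth looking at what is actually there. As an added example that is not part of this thread and not OTL's own code, the following Python script performs both checks read-only on constructed sample data: it reports any `keyword.URL` set in prefs.js (prefs.js stores only preferences that have been changed from Firefox's defaults, so the key's mere presence is the signal) and any hosts entries that send a hostname somewhere other than a loopback or `0.0.0.0` sinkhole. The sample prefs.js and hosts contents are constructed, the hosts path is the stock Windows XP location seen in the report, and the profile directory is found with a glob because its name varies.

```python
import glob
import os
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample prefs.js (not the poster's real file) carrying the same
# keyword.URL override the OTL fix above removes.
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("keyword.URL", "http://www.veerboo.com/results.php?q=");
user_pref("keyword.enabled", true);
"""

# Constructed sample hosts file: the stock loopback line, one blocking-style
# entry, and two entries pointing search hosts at a documentation-range address.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example            # blocking entry, harmless
203.0.113.10    www.google.com
203.0.113.10    search.yahoo.com       # inline comment
"""

USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')
SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses that block rather than redirect


def parse_prefs(text: str) -> Dict[str, str]:
    """Map preference name -> raw value for every user_pref() line in prefs.js."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def keyword_url_override(prefs_text: str) -> Optional[str]:
    """Return the keyword.URL value if prefs.js sets one, else None.
    Only changed preferences are written to prefs.js, so any value here overrides
    the browser's built-in address-bar search."""
    return parse_prefs(prefs_text).get("keyword.URL")


def hosts_redirects(hosts_text: str) -> List[Tuple[str, str]]:
    """(address, hostname) pairs that map a name to a non-sinkhole address."""
    found: List[Tuple[str, str]] = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        address, names = parts[0], parts[1:]
        if address in SINKHOLE:
            continue
        for name in names:
            found.append((address, name))
    return found


if __name__ == "__main__":
    # Stock Windows XP hosts location (as in the OTL report); the Firefox profile
    # directory name varies per install, hence the glob under %APPDATA%.
    hosts_path = r"C:\WINDOWS\system32\drivers\etc\hosts"
    prefs_glob = os.path.join(os.environ.get("APPDATA", ""), "Mozilla", "Firefox",
                              "Profiles", "*", "prefs.js")
    for path in glob.glob(prefs_glob):
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, "keyword.URL =", keyword_url_override(fh.read()))
    if os.path.exists(hosts_path):
        with open(hosts_path, encoding="utf-8", errors="replace") as fh:
            for address, name in hosts_redirects(fh.read()):
                print("hosts redirect:", name, "->", address)
        # A tool that resets the hosts file needs write access; report it up front.
        print("hosts writable by this user:", os.access(hosts_path, os.W_OK))

    # Demonstration on the constructed samples.
    print("sample keyword.URL:", keyword_url_override(SAMPLE_PREFS_JS))
    print("sample hosts redirects:", hosts_redirects(SAMPLE_HOSTS))
```

The writable check at the end is the one to look at if a hosts reset stalls or reports that the file cannot be opened: a hosts file that the current account cannot write, or that is held open by another program, will make any automated reset fail in exactly that way.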

                              jwfilion (Topic Starter)

                              Re: Please help, being hijacked while web surfing...
                              « Reply #28 on: October 11, 2010, 03:36:25 AM »
                              SuperDave, something has happened, something serious I think. I did as you asked, I copied and pasted the lines into OTL and ran the fix. Almost immediately, an error window popped up saying that the host file could not be found or opened. I don't remember the exact wording. I did a PrintScreen to post it, however the computer locked up when I clicked the OK button. The interface remained and the bottom bar said that OTL was resetting the host files and not to interrupt it. I left it to do its job, as I was called away on business. Five hours later, when I returned, it was still running. I finally took the hint that it wasn't working properly. When I minimized it, to see if there was another screen beneath it, I found that all my desktop icons had disappeared, and then discovered that I could not restore OTL. There was no response from my computer at all. I finally had to turn it off. On reboot, I discovered the log from OTL on the desktop. When I went online to try and report it, I also found that all my proxy server settings were disabled or changed. I tried to restore them, but they can't be saved, I have to input them each time I go online. Something has definitely happened. Below is the OTL report...


                              Files\Folders moved on Reboot...
                              C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

                              Registry entries deleted on Reboot...


                              I hope you can figure this out.

                              jwfilion (Topic Starter)

                                Re: Please help, being hijacked while web surfing...
                                « Reply #29 on: October 11, 2010, 12:18:09 PM »
                                Apparently, there was no "fix". I just got jacked again, but at least my settings were saved. No problem with proxy server today.

                                SuperDave (Malware Removal Specialist, Moderator)
                                Re: Please help, being hijacked while web surfing...
                                « Reply #30 on: October 11, 2010, 01:51:54 PM »
                                Quote
                                I just got jacked again
                                To the same site? Please run this scan and post the results. It's a bit different than the first OTL.

                                Download OTL to your desktop.

                                * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
                                * When the window appears, underneath Output at the top change it to Minimal Output.
                                * Check the boxes beside LOP Check and Purity Check.
                                * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

                                When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

                                Please copy and paste the contents of these files, one at a time, into your next reply.

                                Note: You may need two or more posts to fit them all in.

                                  jwfilion (Topic Starter)

                                  Re: Please help, being hijacked while web surfing...
                                  « Reply #31 on: October 11, 2010, 04:08:24 PM »
                                  SuperDave, OTL will not run! I removed the old one and any folder/files I could find in the C directory after it stalled the last time. I rebooted and downloaded it again as you posted. When I tried to open it, I keep getting the message "OTL has encountered a problem and needs to close"  I've tried this 3 times. Will renaming it to a .bat file work for this as well?
                                  Yes, it did hijack to the same site.

                                    jwfilion (Topic Starter)

                                    Re: Please help, being hijacked while web surfing...
                                    « Reply #32 on: October 11, 2010, 11:30:45 PM »
                                    Hi SuperDave, it seems I got OTL running again. I turned the computer off for a few hours, rebooted and tried another download. It seemed to work; however, it only produced one report, the OTL.txt. I will put it in 2 separate posts.


                                    OTL logfile created on: 10/11/2010 11:47:03 PM - Run 3
                                    OTL by OldTimer - Version 3.2.15.1     Folder = C:\Documents and Settings\Wayne\Desktop
                                    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                                    Internet Explorer (Version = 7.0.5730.11)
                                    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                                     
                                    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
                                    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
                                    Paging file location(s): C:\pagefile.sys 360 720 [binary data]
                                     
                                    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                                    Drive C: | 298.09 Gb Total Space | 257.06 Gb Free Space | 86.24% Space Free | Partition Type: NTFS
                                     
                                    Computer Name: OWNER-X35LSKRDA | User Name: Wayne | Logged in as Administrator.
                                    Boot Mode: Normal | Scan Mode: Current user
                                    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                     
                                    ========== Processes (SafeList) ==========
                                     
                                    PRC - C:\Documents and Settings\Wayne\Desktop\OTL.exe (OldTimer Tools)
                                    PRC - C:\Documents and Settings\Wayne\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
                                    PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
                                    PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
                                    PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
                                    PRC - C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
                                    PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
                                    PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
                                    PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
                                    PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
                                    PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
                                    PRC - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
                                    PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
                                    PRC - C:\Program Files\MTS Accelerator\PropelAC.exe (Propel Software Corporation)
                                    PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
                                    PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
                                    PRC - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe (SiSoftware)
                                    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                                    PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
                                    PRC - C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
                                    PRC - C:\Program Files\KMaestro\Kmaestro.exe (BTC)
                                    PRC - C:\WINDOWS\essspk.exe ()
                                    PRC - C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
                                     
                                     
                                    ========== Modules (SafeList) ==========
                                     
                                    MOD - C:\Documents and Settings\Wayne\Desktop\OTL.exe (OldTimer Tools)
                                    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
                                    MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
                                    MOD - C:\WINDOWS\system32\hid.dll (Microsoft Corporation)
                                    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
                                    MOD - C:\Program Files\KMaestro\HidKeybd.dll (BTC)
                                     
                                     
                                    ========== Win32 Services (SafeList) ==========
                                     
                                    SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
                                    SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
                                    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
                                    SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
                                    SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
                                    SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
                                    SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe (SiSoftware)
                                    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
                                    SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
                                    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
                                     
                                     
                                    ========== Driver Services (SafeList) ==========
                                     
                                    DRV - (USBNDIS) -- C:\WINDOWS\System32\DRIVERS\usbndis.sys File not found
                                    DRV - (nuvaudio) -- C:\WINDOWS\System32\DRIVERS\nuvaudio.sys File not found
                                    DRV - (LMouKE) -- C:\WINDOWS\System32\Drivers\LMouKE.sys File not found
                                    DRV - (LHidUsbK) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys File not found
                                    DRV - (Dual Mode) -- C:\WINDOWS\System32\DRIVERS\CoachVc.sys File not found
                                    DRV - (DPCUSB) -- C:\WINDOWS\System32\Drivers\DPCUSB.sys File not found
                                    DRV - (CoachUsb) -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys File not found
                                    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
                                    DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
                                    DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
                                    DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
                                    DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\szkgfs.sys (iS3, Inc.)
                                    DRV - (cpuz133) -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider)
                                    DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
                                    DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
                                    DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
                                    DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
                                    DRV - (szkg5) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.)
                                    DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.)
                                    DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
                                    DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)
                                    DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
                                    DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
                                    DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
                                    DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
                                    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
                                    DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys (SiSoftware)
                                    DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
                                    DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
                                    DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
                                    DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
                                    DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
                                    DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
                                    DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
                                    DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (eMPIA Technology, Inc.)
                                    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
                                    DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
                                    DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
                                    DRV - (NuVision) -- C:\WINDOWS\system32\drivers\Nuvision.sys (Hauppauge Computer Works)
                                    DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
                                    DRV - (Edspport) -- C:\WINDOWS\system32\drivers\es56hpi.sys (ESS Technology, Inc.)
                                    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
                                    DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
                                    DRV - (VIAPFD) -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS (VIA Technologies. Inc.)
                                    DRV - (ViaIde) -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)
                                    DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
                                    DRV - (SnapTHN) -- C:\WINDOWS\System32\drivers\SNAPTHN.SYS (Play Incorporated)
                                     
                                     
                                    ========== Standard Registry (SafeList) ==========
                                     
                                     
                                    ========== Internet Explorer ==========
                                     
                                    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
                                     
                                    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
                                    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
                                    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
                                    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080
                                     
                                    ========== FireFox ==========
                                     
                                    FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"
                                    FF - prefs.js..browser.search.useDBForOrder: true
                                    FF - prefs.js..browser.startup.homepage: "http://en.canoe.ca/home.html"
                                    FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
                                    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
                                    FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718
                                    FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2008.5.13
                                    FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:1.6.4
                                    FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.13
                                    FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
                                    FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q="
                                     
                                    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/24 19:05:39 | 000,000,000 | ---D | M]
                                    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
                                    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
                                    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/29 14:13:07 | 000,000,000 | ---D | M]
                                    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/05 13:21:09 | 000,000,000 | ---D | M]
                                     
                                    [2010/09/22 13:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions
                                    [2010/09/22 13:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
                                    [2010/10/11 14:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions
                                    [2008/09/07 19:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected]
                                    [2010/09/15 19:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\SearchHelper
                                    [2008/05/27 22:59:05 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\dictionary.xml
                                    [2010/09/15 19:51:59 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\GoogleFeed.xml
                                    [2010/10/11 14:17:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
                                    [2010/05/23 00:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                                    [2010/08/21 02:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
                                    [2008/12/20 00:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
                                    [2008/12/21 14:43:06 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
                                    [2008/12/21 14:43:06 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
                                    [2008/12/21 14:43:06 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
                                    [2008/12/21 14:43:06 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
                                    [2008/12/21 14:43:07 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
                                    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
                                    [2010/10/05 13:18:11 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
                                     
                                    O1 HOSTS File: ([2010/10/11 03:40:25 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                                    O1 - Hosts: 127.0.0.1 localhost
                                    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
                                    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
                                    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                                    O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\MTS Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation)
                                    O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
                                    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
                                    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
                                    O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
                                    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
                                    O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
                                    O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\KMaestro\Kmaestro.exe (BTC)
                                    O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
                                    O4 - HKLM..\Run: [EssSpkPhone] C:\WINDOWS\essspk.exe ()
                                    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
                                    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
                                    O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
                                    O4 - HKLM..\Run: [VTPreset] C:\WINDOWS\System32\VTPreset.exe (S3 Graphics, Inc.)
                                    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
                                    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
                                    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
                                    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
                                    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
                                    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
                                    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
                                    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
                                    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                                    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
                                    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
                                    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
                                    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
                                    O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\MTS Accelerator\pac-page.html ()
                                    O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\MTS Accelerator\pac-image.html ()
                                    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                                    O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
                                    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
                                    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
                                    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37623.4285648148 (Reg Error: Key error.)
                                    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
                                    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
                                    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
                                    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
                                    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
                                    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
                                    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                                    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
                                    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
                                    O24 - Desktop WallPaper: C:\WINDOWS\Nikkivue2.bmp
                                    O24 - Desktop BackupWallPaper: C:\WINDOWS\Nikkivue2.bmp
                                    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                                    O32 - HKLM CDRom: AutoRun - 1
                                    O32 - AutoRun File - [2002/10/08 09:25:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                                    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                                    O35 - HKLM\..comfile [open] -- "%1" %*
                                    O35 - HKLM\..exefile [open] -- "%1" %*
                                    O35 - HKCU\..exefile [open] -- "%1" %*
                                    O37 - HKLM\...com [@ = comfile] -- "%1" %*
                                    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                                    O37 - HKCU\...exe [@ = exefile] -- "%1" %*
                                     
jwfilion (Topic Starter)

Re: Please help, being hijacked while web surfing...
« Reply #33 on: October 11, 2010, 11:32:02 PM »
                                      ========== Files/Folders - Created Within 30 Days ==========
                                       
                                      [2010/10/11 23:42:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
                                      [2010/10/10 14:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Local Settings\Application Data\Temp
                                      [2010/10/10 00:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Art Stuff
                                      [2010/10/10 00:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Desktop Nudes
                                      [2010/10/10 00:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Fixed Folder
                                      [2010/10/10 00:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\MyStuff
                                      [2010/10/10 00:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Recipes
                                      [2010/10/10 00:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Video Editing
                                      [2010/10/10 00:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Desktop
                                      [2010/10/06 19:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
                                      [2010/10/06 00:33:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
                                      [2010/10/06 00:02:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
                                      [2010/10/05 13:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
                                      [2010/10/03 23:37:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
                                      [2010/10/03 23:13:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
                                      [2010/10/03 23:13:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
                                      [2010/10/03 22:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\New Folder
                                      [2010/09/30 20:34:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne\Recent
                                      [2010/09/29 14:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
                                      [2010/09/26 15:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
                                      [2010/09/26 15:46:02 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
                                      [2010/09/26 15:46:02 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
                                      [2010/09/26 15:45:54 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
                                      [2010/09/26 15:44:31 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
                                      [2010/09/26 15:44:31 | 000,058,816 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
                                      [2010/09/26 15:44:31 | 000,032,680 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
                                      [2010/09/26 15:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
                                      [2010/09/26 15:44:28 | 000,115,216 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
                                      [2010/09/26 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
                                      [2010/09/26 04:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
                                      [2010/09/25 10:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
                                      [2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
                                      [2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
                                      [2010/09/25 00:00:27 | 000,000,000 | ---D | C] -- C:\671feffc3b70b88a397bd6f620fbac40
                                      [2010/09/24 11:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
                                      [2010/09/24 10:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\RegRun2
                                      [2010/09/23 20:33:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
                                      [2010/09/23 20:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
                                      [2010/09/23 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
                                      [2010/09/21 01:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
                                      [2010/09/20 18:08:16 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
                                      [2010/09/20 18:08:16 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
                                      [2010/09/20 18:08:16 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
                                      [2010/09/20 18:08:14 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
                                      [2010/09/20 18:08:14 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
                                      [2010/09/20 18:08:14 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
                                      [2010/09/20 18:08:14 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
                                      [2010/09/20 18:08:14 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
                                      [2010/09/20 18:08:12 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
                                      [2010/09/20 18:08:12 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
                                      [2010/09/20 18:08:12 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
                                      [2010/09/20 18:08:12 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
                                      [2010/09/15 19:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
                                      [2010/05/26 00:21:38 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
                                      [2001/07/06 16:59:54 | 000,372,736 | ---- | C] (Ed Halley - http://www.halley.cc/stuff/) -- C:\Program Files\Dragnifier.exe
                                      [943 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                                      [24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
                                      [15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                                      [126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
                                       
                                      ========== Files - Modified Within 30 Days ==========
                                       
                                      [2010/10/11 23:43:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
                                      [2010/10/11 23:15:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006UA.job
                                      [2010/10/11 23:02:12 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
                                      [2010/10/11 23:01:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                                      [2010/10/11 23:00:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                                      [2010/10/11 19:34:34 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
                                      [2010/10/11 18:36:15 | 080,770,650 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Northern Lights in Oil.avi
                                      [2010/10/11 17:44:10 | 066,015,643 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
                                      [2010/10/11 15:27:44 | 361,609,728 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Charlize Theron_Ass.AVI
                                      [2010/10/11 15:18:15 | 866,899,968 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Daryll Hanna_At Play.AVI
                                      [2010/10/11 14:15:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006Core.job
                                      [2010/10/11 05:43:37 | 000,000,317 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
                                      [2010/10/11 03:40:25 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                                      [2010/10/10 15:26:55 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Google Chrome.lnk
                                      [2010/10/10 15:26:55 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
                                      [2010/10/10 13:33:15 | 000,736,854 | ---- | M] () -- C:\WINDOWS\CNorris.bmp
                                      [2010/10/09 23:20:30 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue2.bmp
                                      [2010/10/08 00:49:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue.bmp
                                      [2010/10/07 18:05:51 | 000,736,854 | ---- | M] () -- C:\WINDOWS\EmmaB.bmp
                                      [2010/10/07 14:39:21 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Alicia2.bmp
                                      [2010/10/07 00:23:32 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue2.bmp
                                      [2010/10/06 13:06:11 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue.bmp
                                      [2010/10/05 17:46:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue2.bmp
                                      [2010/10/05 15:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                                      [2010/10/05 14:22:00 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue.bmp
                                      [2010/10/05 13:21:29 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
                                      [2010/10/03 23:37:58 | 000,000,337 | RHS- | M] () -- C:\boot.ini
                                      [2010/10/01 23:35:41 | 000,960,054 | ---- | M] () -- C:\WINDOWS\Bugatti.bmp
                                      [2010/10/01 14:35:35 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk
                                      [2010/09/30 17:48:29 | 000,979,254 | ---- | M] () -- C:\WINDOWS\ssc-ultimate-aero.bmp
                                      [2010/09/30 11:42:57 | 001,274,454 | ---- | M] () -- C:\WINDOWS\Roadster2.bmp
                                      [2010/09/30 10:31:47 | 001,200,054 | ---- | M] () -- C:\WINDOWS\Saleen_S7.bmp
                                      [2010/09/30 08:43:24 | 001,440,054 | ---- | M] () -- C:\WINDOWS\car0.bmp
                                      [2010/09/29 14:13:10 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
                                      [2010/09/24 11:26:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
                                      [2010/09/24 11:26:37 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
                                      [2010/09/24 11:26:37 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
                                      [2010/09/23 20:33:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
                                      [2010/09/23 17:00:03 | 001,440,998 | ---- | M] () -- C:\WINDOWS\car00.bmp
                                      [2010/09/20 18:08:16 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
                                      [2010/09/20 18:08:16 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
                                      [2010/09/20 18:08:16 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
                                      [2010/09/20 18:08:14 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
                                      [2010/09/20 18:08:14 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
                                      [2010/09/20 18:08:14 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
                                      [2010/09/20 18:08:14 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
                                      [2010/09/20 18:08:14 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
                                      [2010/09/20 18:08:12 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
                                      [2010/09/20 18:08:12 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
                                      [2010/09/20 18:08:12 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
                                      [2010/09/20 18:08:12 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
                                      [2010/09/20 17:17:05 | 001,296,998 | ---- | M] () -- C:\WINDOWS\car10.bmp
                                      [2010/09/20 14:56:40 | 001,440,998 | ---- | M] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp
                                      [2010/09/19 14:45:35 | 000,016,826 | -H-- | M] () -- C:\WINDOWS\vuepro32.GID
                                      [2010/09/18 15:12:24 | 001,121,798 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron2.bmp
                                      [2010/09/18 14:45:20 | 000,896,198 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron.bmp
                                      [2010/09/18 02:11:51 | 001,356,054 | ---- | M] () -- C:\WINDOWS\McLaren2.bmp
                                      [2010/09/18 01:39:44 | 001,083,398 | ---- | M] () -- C:\WINDOWS\McLaren3.bmp
                                      [2010/09/12 15:54:42 | 001,440,054 | ---- | M] () -- C:\WINDOWS\carmen2.bmp
                                      [2010/09/12 15:54:13 | 001,440,054 | ---- | M] () -- C:\WINDOWS\carmen.bmp
                                      [2010/09/12 02:52:36 | 001,275,398 | ---- | M] () -- C:\WINDOWS\car5.bmp
                                      [943 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
                                      [15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
                                      [126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
                                       
                                      ========== Files Created - No Company Name ==========
                                       
                                      [2010/10/11 23:02:12 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
                                      [2010/10/11 15:26:25 | 361,609,728 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Charlize Theron_Ass.AVI
                                      [2010/10/11 15:15:13 | 866,899,968 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Daryll Hanna_At Play.AVI
                                      [2010/10/11 15:06:11 | 080,770,650 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Northern Lights in Oil.avi
                                      [2010/10/10 15:26:55 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
                                      [2010/10/10 15:26:54 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Google Chrome.lnk
                                      [2010/10/10 14:10:50 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006UA.job
                                      [2010/10/10 14:10:50 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006Core.job
                                      [2010/10/10 13:29:25 | 000,736,854 | ---- | C] () -- C:\WINDOWS\CNorris.bmp
                                      [2010/10/08 01:02:05 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Preponvue2.bmp
                                      [2010/10/07 14:50:51 | 000,736,854 | ---- | C] () -- C:\WINDOWS\EmmaB.bmp
                                      [2010/10/07 14:18:08 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Alicia2.bmp
                                      [2010/10/07 00:23:32 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue2.bmp
                                      [2010/10/05 22:03:47 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue.bmp
                                      [2010/10/05 18:59:39 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Preponvue.bmp
                                      [2010/10/04 19:47:56 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue2.bmp
                                      [2010/10/03 23:37:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
                                      [2010/10/03 23:13:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
                                      [2010/10/03 23:13:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
                                      [2010/10/03 23:13:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
                                      [2010/10/03 03:02:05 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue.bmp
                                      [2010/10/01 14:35:35 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk
                                      [2010/09/28 18:29:34 | 001,274,454 | ---- | C] () -- C:\WINDOWS\Roadster2.bmp
                                      [2010/09/26 15:46:02 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
                                      [2010/09/26 15:46:02 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
                                      [2010/09/26 15:45:54 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
                                      [2010/09/26 15:44:31 | 000,007,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat
                                      [2010/09/26 15:44:31 | 000,007,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-DNS.cat
                                      [2010/09/26 15:44:28 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplfw.cat
                                      [2010/09/24 10:57:40 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
                                      [2010/09/23 20:26:06 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
                                      [2010/09/23 17:00:03 | 001,440,998 | ---- | C] () -- C:\WINDOWS\car00.bmp
                                      [2010/09/22 12:54:42 | 001,440,054 | ---- | C] () -- C:\WINDOWS\car0.bmp
                                      [2010/09/20 17:17:05 | 001,296,998 | ---- | C] () -- C:\WINDOWS\car10.bmp
                                      [2010/09/20 14:56:40 | 001,440,998 | ---- | C] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp
                                      [2010/09/18 15:12:25 | 001,121,798 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron2.bmp
                                      [2010/09/18 14:45:20 | 000,896,198 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron.bmp
                                      [2010/09/18 01:39:44 | 001,083,398 | ---- | C] () -- C:\WINDOWS\McLaren3.bmp
                                      [2010/09/18 01:06:40 | 001,356,054 | ---- | C] () -- C:\WINDOWS\McLaren2.bmp
                                      [2010/09/12 15:54:42 | 001,440,054 | ---- | C] () -- C:\WINDOWS\carmen2.bmp
                                      [2010/09/12 02:52:36 | 001,275,398 | ---- | C] () -- C:\WINDOWS\car5.bmp
                                      [2010/05/26 00:36:35 | 000,000,085 | ---- | C] () -- C:\WINDOWS\lagarith.ini
                                      [2010/05/10 22:47:00 | 000,000,090 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
                                      [2010/04/21 22:46:50 | 000,000,568 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
                                      [2010/01/17 03:44:57 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
                                      [2010/01/17 03:44:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
                                      [2010/01/17 03:44:54 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
                                      [2010/01/17 03:44:54 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
                                      [2010/01/17 03:44:51 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
                                      [2009/12/15 00:38:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
                                      [2009/08/01 20:55:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
                                      [2009/08/01 20:55:29 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\KPSYS32.DLL
                                      [2008/05/30 13:31:47 | 007,151,616 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
                                      [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
                                      [2007/02/11 16:39:25 | 000,004,535 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
                                      [2007/02/07 00:58:00 | 000,000,846 | ---- | C] () -- C:\WINDOWS\xxclone.ini
                                      [2005/05/20 13:25:42 | 000,000,317 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
                                      [2005/05/16 19:40:23 | 000,000,433 | ---- | C] () -- C:\WINDOWS\System32\imgdatwin.dll
                                      [2005/05/16 19:40:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\imgstpath.dll
                                      [2005/05/16 19:39:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\LtDlgRes14n.dll
                                      [2005/05/08 19:17:22 | 000,024,575 | ---- | C] () -- C:\WINDOWS\System32\Winapppiobas50.dll
                                      [2005/05/08 19:16:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
                                      [2005/05/08 19:16:01 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
                                      [2004/09/30 18:23:07 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
                                      [2004/09/30 18:15:44 | 000,000,440 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
                                      [2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
                                      [2004/09/06 19:04:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
                                      [2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
                                      [2004/08/27 01:00:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\POSTER.INI
                                      [2004/08/19 16:33:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
                                      [2004/07/13 12:12:22 | 000,000,583 | ---- | C] () -- C:\WINDOWS\videoimp.ini
                                      [2004/04/06 14:28:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\sversion.ini
                                      [2004/04/01 12:40:14 | 000,000,263 | ---- | C] () -- C:\WINDOWS\phedit.ini
                                      [2004/03/24 15:52:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\jppc.INI
                                      [2004/03/19 15:36:51 | 002,270,720 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll
                                      [2004/03/19 15:36:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\LFTIF60N.DLL
                                      [2004/03/19 15:36:51 | 000,043,008 | ---- | C] () -- C:\WINDOWS\LTFIL60N.DLL
                                      [2004/03/19 15:36:51 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFTGA60N.DLL
                                      [2004/03/19 15:36:50 | 000,141,824 | ---- | C] () -- C:\WINDOWS\LFCMP60N.DLL
                                      [2004/03/19 15:36:50 | 000,110,080 | ---- | C] () -- C:\WINDOWS\LFPNG60N.DLL
                                      [2004/03/19 15:36:50 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFPCX60N.DLL
                                      [2004/03/19 15:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFGIF60N.DLL
                                      [2004/03/19 15:36:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LFPSD60N.DLL
                                      [2004/03/19 15:36:50 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFRAS60N.DLL
                                      [2004/03/19 15:36:18 | 000,399,350 | ---- | C] () -- C:\WINDOWS\ACCUGLD5.DLL
                                      [2004/03/19 15:36:18 | 000,026,233 | ---- | C] () -- C:\WINDOWS\ACCUIFGL.DLL
                                      [2004/02/09 04:25:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
                                      [2003/11/08 18:43:56 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
                                      [2003/07/12 14:19:54 | 000,000,107 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI
                                      [2003/05/14 21:48:41 | 000,000,300 | ---- | C] () -- C:\WINDOWS\vuesav32.ini
                                      [2003/05/14 11:03:50 | 000,004,673 | ---- | C] () -- C:\WINDOWS\WININIT.INI
                                      [2003/02/08 21:41:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cosdtp.ini
                                      [2003/01/07 00:06:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Magic40.INI
                                      [2003/01/01 22:39:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
                                      [2002/12/23 17:11:27 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
                                      [2002/12/23 17:11:26 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
                                      [2002/12/22 20:46:27 | 000,006,592 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
                                      [2002/12/22 20:46:27 | 000,001,248 | ---- | C] () -- C:\WINDOWS\goldwave.ini
                                      [2002/12/22 18:25:52 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
                                      [2002/12/21 20:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
                                      [2002/12/21 15:19:17 | 000,007,411 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
                                      [2002/12/19 15:56:11 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
                                      [2002/12/19 15:04:25 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
                                      [2002/12/19 15:04:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
                                      [2002/12/19 15:04:25 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
                                      [2002/12/19 15:04:02 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
                                      [2002/12/19 00:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
                                      [2002/12/19 00:52:36 | 000,001,871 | ---- | C] () -- C:\WINDOWS\mp3maker.INI
                                      [2002/12/19 00:50:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
                                      [2002/12/18 15:13:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dpcnav.INI
                                      [2002/12/18 15:05:00 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\inavevnt.dll
                                      [2002/12/17 19:49:46 | 000,000,896 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
                                      [2002/12/17 19:49:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
                                      [2002/12/17 00:20:57 | 000,001,952 | ---- | C] () -- C:\WINDOWS\SCANFX.INI
                                      [2002/12/15 20:17:09 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                                      [2002/10/30 15:49:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
                                      [2002/10/08 11:02:24 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
                                      [2002/10/08 04:14:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
                                      [2002/09/10 10:10:05 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
                                      [2001/07/06 23:47:50 | 000,003,149 | ---- | C] () -- C:\Program Files\ReadMe.txt
                                      [1999/10/06 17:48:28 | 000,016,476 | ---- | C] () -- C:\WINDOWS\System32\Snapv16.drv
                                       
                                      ========== LOP Check ==========
                                       
                                      [2009/11/18 12:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
                                      [2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
                                      [2010/09/23 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
                                      [2009/01/08 23:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
                                      [2009/07/20 23:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
                                      [2008/05/31 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
                                      [2009/07/03 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
                                      [2010/10/11 23:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
                                      [2010/10/11 23:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                                      [2010/05/03 14:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
                                      [2004/09/30 18:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
                                      [2008/08/08 16:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
                                      [2006/11/27 21:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\101 Software
                                      [2010/06/06 19:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\DeepBurner
                                      [2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\eBay
                                      [2008/02/19 17:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Forte
                                      [2009/04/01 02:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit
                                      [2010/10/05 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
                                      [2009/03/07 02:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\GrabPro
                                      [2010/09/09 13:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\gtk-2.0
                                      [2009/04/24 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\hott notes 4
                                      [2010/02/18 22:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\ImTOO Software Studio
                                      [2008/09/22 15:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\IrfanView
                                      [2009/05/01 13:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\K-Meleon
                                      [2010/07/31 10:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leadertech
                                      [2010/01/18 23:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leawo
                                      [2006/11/28 09:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\M8 Software
                                      [2008/01/25 12:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\MP3Rocket
                                      [2010/10/10 14:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Opera
                                      [2009/03/07 03:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Orbit
                                      [2010/09/26 15:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
                                      [2010/01/13 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Pegasys Inc
                                      [2010/05/11 05:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\STOIK
                                      [2010/09/22 13:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Thunderbird
                                      [2010/05/03 17:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Trusteer
                                      [2002/12/18 03:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Ulead Systems
                                      [2008/12/24 01:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\XnView
                                       
                                      ========== Purity Check ==========
                                       
                                       
                                       
                                      ========== Alternate Data Streams ==========
                                       
                                      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
                                      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
                                      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

                                      < End of report >

                                      SuperDave
                                      • Malware Removal Specialist
                                      • Moderator
                                      Re: Please help, being hijacked while web surfing...
                                      « Reply #34 on: October 12, 2010, 04:14:09 PM »
                                      Ok. Let's try this again. I've removed the Reset Hosts command.

                                      * Open OTL
                                      * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                                      Code:
                                      :OTL
                                      FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q="
                                      FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"

                                      :COMMANDS
                                      [purity]
                                      [clearrestorepoints]
                                      [emptytemp]
                                      [start explorer]

                                      * Click Run Fix
                                      * OTLI2 may ask to reboot the machine. Please do so if asked.
                                      * Click OK
                                      * A report will open. Copy and Paste that report in your next reply.

                                        jwfilion
                                          Topic Starter

                                        Re: Please help, being hijacked while web surfing...
                                        « Reply #35 on: October 12, 2010, 06:36:59 PM »
                                        *censored*! *censored*! *censored*! I did as you said. My computer rebooted and I got the report, but got jacked again coming here. The same page, always the same page. One thing I should remark upon. After the reboot, I could not get to the internet with Firefox. It is supposed to use a proxy server and the server refused connection. I had to bypass the server and connect directly to get here. I wonder if doing so brought this on. Anyway, here is the report...


                                        All processes killed
                                        ========== OTL ==========
                                        Prefs.js: "http://www.veerboo.com/results.php?q=" removed from keyword.URL
                                        Prefs.js: "www.google-feed.net" removed from browser.search.defaultenginename
                                        ========== COMMANDS ==========
                                        Error: Unable to interpret <[clearrestorepoints]> in the current context!
                                         
                                        [EMPTYTEMP]
                                         
                                        User: Administrator
                                        ->Temp folder emptied: 0 bytes
                                        ->Temporary Internet Files folder emptied: 67 bytes
                                         
                                        User: All Users
                                         
                                        User: Default User
                                        ->Temp folder emptied: 82368 bytes
                                        ->Temporary Internet Files folder emptied: 198991 bytes
                                         
                                        User: LocalService
                                        ->Temp folder emptied: 0 bytes
                                        ->Temporary Internet Files folder emptied: 33170 bytes
                                         
                                        User: NetworkService
                                        ->Temp folder emptied: 0 bytes
                                        ->Temporary Internet Files folder emptied: 33170 bytes
                                         
                                        User: Wayne
                                        ->Temp folder emptied: 2337262 bytes
                                        ->Temporary Internet Files folder emptied: 7072611 bytes
                                        ->Java cache emptied: 0 bytes
                                        ->FireFox cache emptied: 70323293 bytes
                                        ->Google Chrome cache emptied: 14782966 bytes
                                        ->Flash cache emptied: 4593 bytes
                                         
                                        %systemdrive% .tmp files removed: 0 bytes
                                        %systemroot% .tmp files removed: 5371183 bytes
                                        %systemroot%\System32 .tmp files removed: 226660785 bytes
                                        %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                                        %systemroot%\System32\drivers .tmp files removed: 0 bytes
                                        Windows Temp folder emptied: 9104248 bytes
                                        %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
                                        %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
                                        RecycleBin emptied: 65186563 bytes
                                         
                                        Total Files Cleaned = 383.00 mb
                                         
                                         
                                        OTL by OldTimer - Version 3.2.15.1 log created on 10122010_185751

                                        Files\Folders moved on Reboot...

                                        Registry entries deleted on Reboot...

                                        SuperDave
                                        Malware Removal Specialist, Moderator

                                        Re: Please help, being hijacked while web surfing...
                                        « Reply #36 on: October 13, 2010, 12:20:46 PM »
                                        Ok. Please run OTL again and post the logs. I want to see if anything is left over.
                                        Windows 8 and Windows 10 dual boot with two SSD's

                                          jwfilion
                                          Topic Starter

                                          Re: Please help, being hijacked while web surfing...
                                          « Reply #37 on: October 13, 2010, 01:27:48 PM »
                                          SuperDave, I was about to post the following when you just responded. The first thing this morning, I ran the last OTL "fix" you posted, again. After it rebooted the computer, it displayed the "kill" report. I immediately ran the OTL scan and the report showed that the offending web page was gone. I went online for several minutes. Got jacked again. Same page, as always. Went offline. Ran the OTL scan again, and the report showed the page was back. I had no problem with any proxy server, so I assume that was not a problem.

                                          Not sure which OTL scan you mean. I just ran the OTL Standard Output scan. Again, there was just the one report.
                                          Thanks again for your patience.

                                          Here is the report...

                                          OTL logfile created on: 10/13/2010 1:29:02 PM - Run 7
                                          OTL by OldTimer - Version 3.2.15.1     Folder = C:\Documents and Settings\Wayne\Desktop
                                          Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                                          Internet Explorer (Version = 7.0.5730.11)
                                          Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                                           
                                          2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
                                          2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
                                          Paging file location(s): C:\pagefile.sys 360 720 [binary data]
                                           
                                          %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                                          Drive C: | 298.09 Gb Total Space | 256.64 Gb Free Space | 86.09% Space Free | Partition Type: NTFS
                                           
                                          Computer Name: OWNER-X35LSKRDA | User Name: Wayne | Logged in as Administrator.
                                          Boot Mode: Normal | Scan Mode: Current user
                                          Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                           
                                          ========== Processes (SafeList) ==========
                                           
                                          PRC - [2010/10/11 23:43:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
                                          PRC - [2010/10/11 18:56:35 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
                                          PRC - [2010/10/10 14:10:40 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Wayne\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
                                          PRC - [2010/10/04 13:14:48 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
                                          PRC - [2010/09/24 19:03:18 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
                                          PRC - [2010/09/24 19:03:05 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
                                          PRC - [2010/09/20 18:08:28 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
                                          PRC - [2010/09/20 18:08:22 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
                                          PRC - [2010/07/18 19:47:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
                                          PRC - [2010/07/18 19:47:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
                                          PRC - [2010/07/18 19:46:18 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
                                          PRC - [2010/07/18 19:46:16 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
                                          PRC - [2010/01/12 11:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
                                          PRC - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
                                          PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
                                          PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
                                          PRC - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
                                          PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
                                          PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
                                          PRC - [2006/07/25 02:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
                                          PRC - [2004/05/05 14:53:08 | 000,237,568 | ---- | M] (BTC) -- C:\Program Files\KMaestro\Kmaestro.exe
                                          PRC - [2002/05/31 10:34:36 | 000,167,936 | ---- | M] () -- C:\WINDOWS\essspk.exe
                                          PRC - [2002/05/20 09:17:08 | 000,086,016 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
                                           
                                           
                                          ========== Modules (SafeList) ==========
                                           
                                          MOD - [2010/10/11 23:43:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
                                          MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
                                          MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
                                          MOD - [2008/04/14 05:41:56 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
                                          MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
                                          MOD - [2004/04/13 16:58:58 | 000,018,476 | ---- | M] (BTC) -- C:\Program Files\KMaestro\HidKeybd.dll
                                           
                                           
                                          ========== Win32 Services (SafeList) ==========
                                           
                                          SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
                                          SRV - [2010/09/20 18:08:22 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
                                          SRV - [2010/07/18 19:47:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
                                          SRV - [2010/07/18 19:46:18 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
                                          SRV - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
                                          SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
                                          SRV - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Running] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
                                          SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
                                          SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
                                          SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
                                           
                                           
                                          ========== Driver Services (SafeList) ==========
                                           
                                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbndis.sys -- (USBNDIS)
                                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\nuvaudio.sys -- (nuvaudio)
                                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\LMouKE.sys -- (LMouKE)
                                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK)
                                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachVc.sys -- (Dual Mode)
                                          DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\DPCUSB.sys -- (DPCUSB)
                                          DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys -- (CoachUsb)
                                          DRV - [2010/09/27 01:45:14 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
                                          DRV - [2010/09/27 01:45:14 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
                                          DRV - [2010/09/27 01:45:13 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
                                          DRV - [2010/07/18 19:48:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
                                          DRV - [2010/07/18 19:46:17 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
                                          DRV - [2010/06/03 08:24:56 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
                                          DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
                                          DRV - [2010/05/11 12:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
                                          DRV - [2010/01/13 08:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
                                          DRV - [2010/01/12 09:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
                                          DRV - [2010/01/07 12:40:26 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
                                          DRV - [2010/01/07 11:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
                                          DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
                                          DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
                                          DRV - [2009/11/23 13:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
                                          DRV - [2009/01/14 16:00:28 | 000,009,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
                                          DRV - [2009/01/14 16:00:28 | 000,009,560 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
                                          DRV - [2009/01/14 16:00:26 | 000,175,576 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
                                          DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
                                          DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
                                          DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
                                          DRV - [2008/03/10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys -- (SANDRA)
                                          DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
                                          DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
                                          DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
                                          DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
                                          DRV - [2007/09/21 04:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
                                          DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
                                          DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
                                          DRV - [2007/01/12 16:55:24 | 000,022,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
                                          DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
                                          DRV - [2006/10/17 20:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
                                          DRV - [2006/04/13 14:09:00 | 000,204,160 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
                                          DRV - [2005/07/08 16:40:42 | 000,260,144 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NuVision)
                                          DRV - [2004/03/02 14:02:30 | 000,167,040 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
                                          DRV - [2003/03/24 11:32:08 | 000,702,188 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es56hpi.sys -- (Edspport)
                                          DRV - [2002/12/22 18:25:52 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
                                          DRV - [2002/07/24 04:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
                                          DRV - [2001/12/18 14:45:04 | 000,003,279 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD)
                                          DRV - [2001/10/18 12:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)
                                          DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
                                          DRV - [1998/02/23 17:56:50 | 000,031,104 | ---- | M] (Play Incorporated) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SNAPTHN.SYS -- (SnapTHN)
                                           
                                           
                                          ========== Standard Registry (SafeList) ==========
                                           
                                           
                                          ========== Internet Explorer ==========
                                           
                                          IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
                                           
                                          IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
                                          IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                                           
                                          ========== FireFox ==========
                                           
                                          FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"
                                          FF - prefs.js..browser.search.useDBForOrder: true
                                          FF - prefs.js..browser.startup.homepage: "http://en.canoe.ca/home.html"
                                          FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
                                          FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
                                          FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718
                                          FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2008.5.13
                                          FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:1.6.4
                                          FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.13
                                          FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
                                          FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q="
                                           
                                          FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/24 19:05:39 | 000,000,000 | ---D | M]
                                          FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
                                          FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
                                          FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/29 14:13:07 | 000,000,000 | ---D | M]
                                          FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/05 13:21:09 | 000,000,000 | ---D | M]
                                           
                                          [2010/09/22 13:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions
                                          [2010/09/22 13:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
                                          [2010/10/12 19:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions
                                          [2008/09/07 19:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected]
                                          [2010/09/15 19:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\SearchHelper
                                          [2008/05/27 22:59:05 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\dictionary.xml
                                          [2010/09/15 19:51:59 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\GoogleFeed.xml
                                          [2010/10/12 19:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
                                          [2010/05/23 00:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
                                          [2010/08/21 02:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
                                          [2008/12/20 00:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
                                          [2008/12/21 14:43:06 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
                                          [2008/12/21 14:43:06 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
                                          [2008/12/21 14:43:06 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
                                          [2008/12/21 14:43:06 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
                                          [2008/12/21 14:43:07 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
                                          [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
                                          [2010/10/05 13:18:11 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
                                           
                                          O1 HOSTS File: ([2010/10/11 03:40:25 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
                                          O1 - Hosts: 127.0.0.1 localhost
                                          O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
                                          O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
                                          O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                                          O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\MTS Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation)
                                          O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
                                          O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
                                          O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
                                          O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
                                          O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
                                          O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
                                          O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\KMaestro\Kmaestro.exe (BTC)
                                          O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
                                          O4 - HKLM..\Run: [EssSpkPhone] C:\WINDOWS\essspk.exe ()
                                          O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
                                          O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
                                          O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
                                          O4 - HKLM..\Run: [VTPreset] C:\WINDOWS\System32\VTPreset.exe (S3 Graphics, Inc.)
                                          O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
                                          O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
                                          O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
                                          O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
                                          O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
                                          O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
                                          O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
                                          O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
                                          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
                                          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
                                          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
                                          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
                                          O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
                                          O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
                                          O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
                                          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
                                          O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37623.4285648148 (Reg Error: Key error.)
                                          O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
                                          O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
                                          O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
                                          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
                                          O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
                                          O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
                                          O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
                                          O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
                                          O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
                                          O24 - Desktop WallPaper: C:\WINDOWS\car.bmp
                                          O24 - Desktop BackupWallPaper: C:\WINDOWS\car.bmp
                                          O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
                                          O32 - HKLM CDRom: AutoRun - 1
                                          O32 - AutoRun File - [2002/10/08 09:25:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
                                          O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
                                          O35 - HKLM\..comfile [open] -- "%1" %*
                                          O35 - HKLM\..exefile [open] -- "%1" %*
                                          O35 - HKCU\..exefile [open] -- "%1" %*
                                          O37 - HKLM\...com [@ = comfile] -- "%1" %*
                                          O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                                          O37 - HKCU\...exe [@ = exefile] -- "%1" %*

                                          jwfilion

                                            Re: Please help, being hijacked while web surfing...
                                            « Reply #38 on: October 13, 2010, 01:38:24 PM »
                                            NetSvcs: 6to4 -  File not found
                                            NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
                                            NetSvcs: Ias -  File not found
                                            NetSvcs: Iprip -  File not found
                                            NetSvcs: Irmon -  File not found
                                            NetSvcs: NWCWorkstation -  File not found
                                            NetSvcs: Nwsapagent -  File not found
                                            NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
                                            NetSvcs: WmdmPmSp -  File not found
                                             
                                            MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cloudmark SpamNet for OE.lnk - Reg Error: Value error. - File not found
                                            MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dpcstart.lnk - Reg Error: Value error. - File not found
                                            MsConfig - StartUpFolder: C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^ClickTray Calendar.lnk - Reg Error: Value error. - File not found
                                            MsConfig - State: "system.ini" - 0
                                            MsConfig - State: "win.ini" - 0
                                            MsConfig - State: "bootini" - 0
                                            MsConfig - State: "services" - 0
                                            MsConfig - State: "startup" - 0
                                             
                                            SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
                                            SafeBootMin: Base - Driver Group
                                            SafeBootMin: Boot Bus Extender - Driver Group
                                            SafeBootMin: Boot file system - Driver Group
                                            SafeBootMin: File system - Driver Group
                                            SafeBootMin: Filter - Driver Group
                                            SafeBootMin: PCI Configuration - Driver Group
                                            SafeBootMin: PEVSystemStart - Service
                                            SafeBootMin: PNP Filter - Driver Group
                                            SafeBootMin: Primary disk - Driver Group
                                            SafeBootMin: procexp90.Sys - Driver
                                            SafeBootMin: SCSI Class - Driver Group
                                            SafeBootMin: sermouse.sys - Driver
                                            SafeBootMin: System Bus Extender - Driver Group
                                            SafeBootMin: vds - Service
                                            SafeBootMin: vga.sys - Driver
                                            SafeBootMin: WdfLoadGroup -
                                            SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
                                            SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
                                            SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
                                            SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
                                            SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
                                            SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
                                            SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
                                            SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
                                            SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
                                            SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
                                            SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
                                            SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
                                            SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
                                            SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
                                             
                                            SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
                                            SafeBootNet: Base - Driver Group
                                            SafeBootNet: Boot Bus Extender - Driver Group
                                            SafeBootNet: Boot file system - Driver Group
                                            SafeBootNet: File system - Driver Group
                                            SafeBootNet: Filter - Driver Group
                                            SafeBootNet: hitmanpro35 - Reg Error: Value error.
                                            SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
                                            SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
                                            SafeBootNet: NDIS Wrapper - Driver Group
                                            SafeBootNet: NetBIOSGroup - Driver Group
                                            SafeBootNet: NetDDEGroup - Driver Group
                                            SafeBootNet: Network - Driver Group
                                            SafeBootNet: NetworkProvider - Driver Group
                                            SafeBootNet: PCI Configuration - Driver Group
                                            SafeBootNet: PEVSystemStart - Service
                                            SafeBootNet: PNP Filter - Driver Group
                                            SafeBootNet: PNP_TDI - Driver Group
                                            SafeBootNet: Primary disk - Driver Group
                                            SafeBootNet: procexp90.Sys - Driver
                                            SafeBootNet: SCSI Class - Driver Group
                                            SafeBootNet: sermouse.sys - Driver
                                            SafeBootNet: Streams Drivers - Driver Group
                                            SafeBootNet: System Bus Extender - Driver Group
                                            SafeBootNet: TDI - Driver Group
                                            SafeBootNet: vga.sys - Driver
                                            SafeBootNet: WdfLoadGroup -
                                            SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
                                            SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
                                            SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
                                            SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
                                            SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
                                            SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
                                            SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
                                            SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
                                            SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
                                            SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
                                            SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
                                            SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
                                            SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
                                            SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
                                            SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
                                            SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
                                            SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
                                             
                                            ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
                                            ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
                                            ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
                                            ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
                                            ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
                                            ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
                                            ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
                                            ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
                                            ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
                                            ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
                                            ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
                                            ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
                                            ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
                                            ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
                                            ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
                                            ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
                                            ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
                                            ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
                                            ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
                                            ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
                                            ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
                                            ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
                                            ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
                                            ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
                                            ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
                                            ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
                                            ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
                                            ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
                                            ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
                                            ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
                                            ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
                                            ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
                                            ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
                                            ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
                                            ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
                                            ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
                                            ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
                                            ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
                                            ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
                                            ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
                                            ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
                                            ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
                                            ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
                                            ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
                                            ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
                                            ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
                                            ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
                                            ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
                                            ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
                                            ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
                                            ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
                                            ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
                                            ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
                                            ActiveX: {F9C174E3-3E87-40bc-AA94-B8974F2B9222} - Q813489
                                            ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
                                            ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
                                            ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
                                            ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
                                            ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
                                            ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
                                             
                                            Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
                                            Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\Vio\DVACM.acm ()
                                            Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
                                            Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
                                            Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
                                            Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
                                            Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
                                            Drivers32: MSVIDEO - C:\WINDOWS\System32\SnapVNT.drv (Play Incorporated)
                                            Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
                                            Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
                                            Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
                                            Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
                                            Drivers32: VIDC.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
                                            Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
                                            Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
                                            Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
                                            Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
                                            Drivers32: VIDC.LAGS - C:\WINDOWS\System32\lagarith.dll ( )
                                            Drivers32: VIDC.MJPG - C:\Program Files\Common Files\Pegasus Imaging\pvmjpg40.dll (Accusoft Pegasus)
                                            Drivers32: VIDC.NTN1 - C:\WINDOWS\System32\nuvision.ax (Zoran Ltd.)
                                            Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvid.dll ()
                                            Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
                                            Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
                                             
                                            ========== Files/Folders - Created Within 90 Days ==========
                                             
                                            [2010/10/12 18:57:51 | 000,000,000 | ---D | C] -- C:\_OTL
                                            [2010/10/11 23:42:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
                                            [2010/10/10 14:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Local Settings\Application Data\Temp
                                            [2010/10/10 00:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Art Stuff
                                            [2010/10/10 00:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Desktop Nudes
                                            [2010/10/10 00:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Fixed Folder
                                            [2010/10/10 00:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\MyStuff
                                            [2010/10/10 00:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Recipes
                                            [2010/10/10 00:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Video Editing
                                            [2010/10/10 00:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Desktop
                                            [2010/10/06 19:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
                                            [2010/10/06 00:33:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
                                            [2010/10/06 00:02:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
                                            [2010/10/05 13:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
                                            [2010/10/03 23:37:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
                                            [2010/10/03 23:13:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
                                            [2010/10/03 23:13:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
                                            [2010/10/03 22:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\New Folder
                                            [2010/09/30 20:34:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne\Recent
                                            [2010/09/29 14:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
                                            [2010/09/26 15:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
                                            [2010/09/26 15:46:02 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
                                            [2010/09/26 15:46:02 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
                                            [2010/09/26 15:45:54 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
                                            [2010/09/26 15:44:31 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
                                            [2010/09/26 15:44:31 | 000,058,816 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
                                            [2010/09/26 15:44:31 | 000,032,680 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
                                            [2010/09/26 15:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
                                            [2010/09/26 15:44:28 | 000,115,216 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
                                            [2010/09/26 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
                                            [2010/09/26 04:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
                                            [2009/07/03 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
                                            [2010/10/13 13:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
                                            [2010/10/13 12:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                                            [2010/05/03 14:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
                                            [2004/09/30 18:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
                                            [2008/08/08 16:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
                                            [2006/11/27 21:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\101 Software
                                            [2010/06/06 19:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\DeepBurner
                                            [2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\eBay
                                            [2008/02/19 17:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Forte
                                            [2009/04/01 02:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit
                                            [2010/10/05 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
                                            [2009/03/07 02:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\GrabPro
                                            [2010/09/09 13:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\gtk-2.0
                                            [2009/04/24 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\hott notes 4
                                            [2010/02/18 22:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\ImTOO Software Studio
                                            [2008/09/22 15:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\IrfanView
                                            [2009/05/01 13:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\K-Meleon
                                            [2010/07/31 10:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leadertech
                                            [2010/01/18 23:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leawo
                                            [2006/11/28 09:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\M8 Software
                                            [2008/01/25 12:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\MP3Rocket
                                            [2010/10/10 14:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Opera
                                            [2009/03/07 03:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Orbit
                                            [2010/09/26 15:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
                                            [2010/01/13 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Pegasys Inc
                                            [2010/05/11 05:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\STOIK
                                            [2010/09/22 13:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Thunderbird
                                            [2010/05/03 17:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Trusteer
                                            [2002/12/18 03:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Ulead Systems
                                            [2008/12/24 01:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\XnView
                                             
                                            ========== Purity Check ==========
                                             
                                             
                                             
                                            ========== Custom Scans ==========
                                             
                                             
                                            < %SYSTEMDRIVE%\*.exe >
                                             
                                            < %systemroot%\*. /mp /s >
                                             
                                            < c:\$recycle.bin\*.* /s >
                                             
                                            < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
                                            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-29 23:45:45
                                             
                                             
                                            < MD5 for: AGP440.SYS  >
                                            [2004/10/07 21:22:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
                                            [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
                                            [2004/10/07 21:22:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
                                            [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
                                            [2008/10/01 13:04:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
                                            [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
                                            [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
                                            [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
                                            [2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
                                            [2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
                                             
                                            < MD5 for: ATAPI.SYS  >
                                            [2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
                                            [2004/10/07 21:22:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
                                            [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
                                            [2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
                                            [2004/10/07 21:22:29 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
                                            [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
                                            [2008/10/01 13:04:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
                                            [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
                                            [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
                                            [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
                                            [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
                                            [2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
                                             
                                            < MD5 for: AUTOCHK.EXE  >
                                            [2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
                                            [2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
                                            [2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\autochk.exe
                                            [2008/04/14 05:42:14 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
                                            [2004/08/04 02:56:47 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
                                             
                                            < MD5 for: BEEP.SYS  >
                                            [2001/08/18 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
                                            [2001/08/18 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
                                            [2001/08/18 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
                                             
                                            < MD5 for: EVENTLOG.DLL  >
                                            [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
                                            [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
                                            [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
                                            [2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
                                            [2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
                                             
                                            < MD5 for: EXPLORER.EXE  >
                                            [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
                                            [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
                                            [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
                                            [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
                                            [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
                                            [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
                                            [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
                                             
                                            < MD5 for: IMM32.DLL  >
                                            [2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
                                            [2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
                                            [2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
                                            [2008/04/14 05:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
                                            [2004/08/04 02:56:42 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
                                             
                                            < MD5 for: KERNEL32.DLL  >
                                            [2007/04/16 11:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
                                            [2006/07/05 05:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
                                            [2009/03/21 08:54:07 | 000,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
                                            [2004/08/04 02:56:42 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
                                            [2007/04/16 10:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtUninstallKB959426_0$\kernel32.dll
                                            [2009/03/21 09:18:57 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
                                            [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll
                                            [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
                                            [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
                                            [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
                                            [2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
                                            [2008/04/14 05:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
                                            [2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
                                            [2006/07/05 05:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
                                            [2009/03/21 08:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
                                             
                                            < MD5 for: MSWSOCK.DLL  >
                                            [2008/06/20 12:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
                                            [2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
                                            [2004/08/04 02:56:44 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
                                            [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
                                            [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
                                            [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
                                            [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
                                            [2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
                                            [2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
                                            [2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mswsock.dll
                                            [2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
                                             
                                            < MD5 for: NDIS.SYS  >
                                            [2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
                                            [2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
                                            [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
                                            [2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
                                            [2004/08/04 01:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
                                             
                                            < MD5 for: NETLOGON.DLL  >
                                            [2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
                                            [2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
                                            [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
                                            [2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
                                            [2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
                                            [2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
                                            [2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
                                             
                                            < MD5 for: NTFS.SYS  >
                                            [2007/02/09 06:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
                                            [2007/02/09 06:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
                                            [2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
                                            [2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
                                            [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntfs.sys
                                            [2008/04/14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
                                            [2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
                                            [2004/08/04 01:15:09 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
                                             
                                            < MD5 for: NTMSSVC.DLL  >
                                            [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
                                            [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
                                            [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
                                            [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
                                            [2004/08/04 02:56:44 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll
                                             
                                            < MD5 for: PROQUOTA.EXE  >
                                            [2004/08/04 02:56:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
                                            [2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
                                            [2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\proquota.exe
                                            [2008/04/14 05:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe
                                             
                                            < MD5 for: QMGR.DLL  >

                                            jwfilion

                                              Topic Starter


                                              Intermediate

                                              Re: Please help, being hijacked while web surfing...
                                              « Reply #39 on: October 13, 2010, 01:56:25 PM »
                                              < End of report >

                                              SuperDave

                                              • Malware Removal Specialist
                                              • Moderator


                                              • Genius
                                              • Thanked: 1020
                                              • Certifications: List
                                              • Experience: Expert
                                              • OS: Windows 10
                                              Re: Please help, being hijacked while web surfing...
                                              « Reply #40 on: October 13, 2010, 04:40:30 PM »
                                              Please go to Jotti's malware scan
                                              (If more than one file needs scanned they must be done separately and links posted for each one)

                                              * Copy the file path in the below Code box:

                                              Code:
                                              c:\windows\winstart.bat

                                              * At the upload site, click once inside the window next to Browse.
                                              * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                                              * Next click Submit file
                                              * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                                              * This will perform a scan across multiple different virus scanning engines.
                                              * Important: Wait for all of the scanning engines to complete.
                                              * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

                                              Let's try to get rid of them another way. I know we tried this before but perhaps it will work this time.

                                              Re-running ComboFix to remove infections:

                                              • Close any open browsers.
                                              • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                                              • Open notepad and copy/paste the text in the quotebox below into it:
                                                Quote
                                                KillAll::

                                                DDS::
                                                FF - prefs.js: browser.search.selectedEngine - www.google-feed.net
                                                FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=

                                              • Save this as CFScript.txt, in the same location as ComboFix.exe



                                              • Referring to the picture above, drag CFScript into ComboFix.exe
                                              • When finished, it shall produce a log for you at C:\ComboFix.txt
                                              • Please post the contents of the log in your next reply.
                                              Windows 8 and Windows 10 dual boot with two SSD's
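The CFScript above removes two Firefox prefs.js entries that the hijacker rewrote (the selected search engine and keyword.URL). As an added example, not from the thread and not ComboFix's own code, this Python script parses a prefs.js, flags search-related preferences that point at a host outside an allow-list, and renders the hits in the DDS:: line format the CFScript uses; the sample prefs.js and the EXPECTED_HOSTS allow-list are constructed for the example.

```python
"""Check a Firefox prefs.js for search preferences redirected by a hijacker.

Added example, not code from the thread or from ComboFix. The sample file and
the allow-list below are constructed; the two hijacked values mirror the
entries the CFScript in the thread targets.
"""
import re
from urllib.parse import urlparse

# Preferences a browser hijacker commonly rewrites to capture search traffic.
SEARCH_PREFS = {
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "keyword.URL",
    "browser.startup.homepage",
}

# Hosts the user actually chose (constructed allow-list for this example);
# any other host in a search preference is treated as suspect.
EXPECTED_HOSTS = {"www.google.com", "google.com", "www.bing.com"}

# Matches string-valued user_pref lines only; numeric/boolean prefs are skipped.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')

# Constructed prefs.js content for the example.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "www.google-feed.net");
user_pref("keyword.URL", "hxxp://www.veerboo.com/results.php?q=");
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("network.cookie.cookieBehavior", 1);
'''


def parse_prefs(text):
    """Return {pref_name: value} for every string preference in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).replace('\\"', '"')
    return prefs


def host_of(value):
    """Host part of a URL-like preference value, or None if it is not a URL.
    Forum logs defang URLs as hxxp://; accept that spelling as well."""
    v = value.replace("hxxps://", "https://").replace("hxxp://", "http://")
    if "://" not in v:
        return None
    return urlparse(v).hostname


def find_hijacked(prefs):
    """Return [(pref, value, reason)] for search prefs outside the allow-list."""
    findings = []
    for name in sorted(SEARCH_PREFS):
        if name not in prefs:
            continue
        value = prefs[name]
        host = host_of(value)
        if host is None:
            # Engine names are plain strings; a bare domain in that slot is
            # the pattern seen in the thread (www.google-feed.net).
            if "." in value and value.lower() not in EXPECTED_HOSTS:
                findings.append((name, value, "engine name is a foreign domain"))
        elif host.lower() not in EXPECTED_HOSTS:
            findings.append((name, value, "points at unexpected host " + host))
    return findings


def cfscript_dds_lines(findings):
    """Render findings in the DDS:: block format shown in the thread's CFScript."""
    return ["DDS::"] + [
        "FF - prefs.js: {} - {}".format(name, value) for name, value, _ in findings
    ]


if __name__ == "__main__":
    hits = find_hijacked(parse_prefs(SAMPLE_PREFS))
    for name, value, reason in hits:
        print("SUSPECT {} = {!r} ({})".format(name, value, reason))
    print("\n".join(cfscript_dds_lines(hits)))
```

Point it at a real profile by reading prefs.js from the Firefox profile directory into parse_prefs; the script only reports and never modifies the file.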

                                              jwfilion


                                                Re: Please help, being hijacked while web surfing...
                                                « Reply #41 on: October 14, 2010, 12:00:18 AM »
                                                SuperDave, here is the link from Jotti's site. It said the file was previously scanned?

                                                http://virusscan.jotti.org/en/scanresult/2f1d40b2b0fc8a60830b644224732ec69ac728a1/db3cfcad5000a40b2701177741ccd123f17a2687

                                                Below is the ComboFix log. It took quite a while to get it running, but it actually finished this time. It rebooted the computer and produced this ComboFix.txt


                                                SuperDave

                                                Re: Please help, being hijacked while web surfing...
                                                « Reply #42 on: October 14, 2010, 01:37:46 PM »
                                                Was that the whole log? Are you still getting hijacked?

                                                jwfilion


                                                  Re: Please help, being hijacked while web surfing...
                                                  « Reply #43 on: October 14, 2010, 04:14:57 PM »
                                                  Hey SuperDave. Yes, that was the absolute complete content of ComboFix.txt.  After the computer rebooted, Combofix said it was putting together a log, unfortunately, while this was happening, StopZilla popped up to report malware it detected. Perhaps this interfered with the report. If I can figure out how to prevent StopZilla from doing this at startup, I will try again. So far, I have not been hijacked. Knock on wood...

                                                  SuperDave

                                                  Re: Please help, being hijacked while web surfing...
                                                  « Reply #44 on: October 14, 2010, 04:46:27 PM »
                                                  Ok. We'll wait a few days to see what happens.

                                                  jwfilion


                                                    Re: Please help, being hijacked while web surfing...
                                                    « Reply #45 on: October 14, 2010, 05:20:34 PM »
                                                    Hey, I'm starting to get the hang of this computer stuff. I was able to disable StopZilla at startup and tried the ComboFix again. It ran the very first time! This is the log it produced...


                                                    2010-09-26 20:44 . 2010-01-07 16:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
                                                    2010-09-26 20:44 . 2010-01-13 13:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
                                                    2010-09-26 20:44 . 2010-09-28 03:24   --------   d-----w-   c:\program files\PC Tools Firewall Plus
                                                    2010-09-26 09:53 . 2010-09-26 09:54   --------   d-----w-   c:\program files\CCleaner
                                                    2010-09-25 15:42 . 2010-09-25 15:42   --------   d-----w-   c:\program files\STOPzilla!
                                                    2010-09-25 15:42 . 2010-10-14 22:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
                                                    2010-09-25 15:42 . 2010-09-25 15:42   --------   d-----w-   c:\program files\Common Files\iS3
                                                    2010-09-25 05:00 . 2010-09-25 05:00   --------   d-----w-   C:\671feffc3b70b88a397bd6f620fbac40
                                                    2010-09-24 16:25 . 2010-09-25 19:46   --------   d-----w-   c:\program files\UnHackMe
                                                    2010-09-24 15:57 . 2010-09-24 16:26   2   --shatr-   c:\windows\winstart.bat
                                                    2010-09-24 01:33 . 2010-09-24 01:33   12872   ----a-w-   c:\windows\system32\bootdelete.exe
                                                    2010-09-24 01:26 . 2010-10-12 00:34   16968   ----a-w-   c:\windows\system32\drivers\hitmanpro35.sys
                                                    2010-09-24 01:23 . 2010-09-24 01:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hitman Pro
                                                    2010-09-24 01:23 . 2010-09-24 01:23   --------   d-----w-   c:\program files\Hitman Pro 3.5
                                                    2010-09-21 06:28 . 2010-10-07 22:26   --------   d-----w-   c:\program files\ESET
                                                    2010-09-20 23:08 . 2010-09-20 23:08   546256   ----a-r-   c:\windows\system32\SZComp5.dll
                                                    2010-09-20 23:08 . 2010-09-20 23:08   22992   ----a-r-   c:\windows\system32\SZIO5.dll
                                                    2010-09-20 23:08 . 2010-09-20 23:08   132560   ----a-r-   c:\windows\system32\IS3HTUI5.dll
                                                    2010-09-20 23:08 . 2010-09-20 23:08   99792   ----a-r-   c:\windows\system32\IS3Svc5.dll
                                                    2010-09-20 23:08 . 2010-09-20 23:08   67024   ----a-r-   c:\windows\system32\IS3Hks5.dll
                                                    2010-09-20 23:08 . 2010-09-20 23:08   452048   ----a-r-   c:\windows\system32\SZBase5.dll
                                                    2010-09-20 23:08 . 2010-09-20 23:08   398800   ----a-r-   c:\windows\system32\IS3DBA5.dll
                                                    2010-09-20 23:08 . 2010-09-20 23:08   28624   ----a-r-   c:\windows\system32\IS3XDat5.dll
                                                    2010-09-20 23:08 . 2010-09-20 23:08   99792   ----a-r-   c:\windows\system32\IS3Inet5.dll
                                                    2010-09-20 23:08 . 2010-09-20 23:08   738768   ----a-r-   c:\windows\system32\IS3Base5.dll
                                                    2010-09-20 23:08 . 2010-09-20 23:08   390608   ----a-r-   c:\windows\system32\IS3UI5.dll
                                                    2010-09-20 23:08 . 2010-09-20 23:08   230864   ----a-r-   c:\windows\system32\IS3Win325.dll
                                                    2010-09-16 00:51 . 2010-09-16 00:51   --------   d-----w-   c:\program files\WinPcap

                                                    .
                                                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                                    .
                                                    2008-12-21 19:43 . 2008-09-06 19:16   67688   ----a-w-   c:\program files\mozilla firefox\components\jar50.dll
                                                    2008-12-21 19:43 . 2008-09-06 19:16   54368   ----a-w-   c:\program files\mozilla firefox\components\jsd3250.dll
                                                    2008-12-21 19:43 . 2008-09-06 19:16   34944   ----a-w-   c:\program files\mozilla firefox\components\myspell.dll
                                                    2008-12-21 19:43 . 2008-09-06 19:16   46712   ----a-w-   c:\program files\mozilla firefox\components\spellchk.dll
                                                    2008-12-21 19:43 . 2008-09-06 19:16   172136   ----a-w-   c:\program files\mozilla firefox\components\xpinstal.dll
                                                    .

                                                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                                    .
                                                    .
                                                    *Note* empty entries & legit default entries are not shown
                                                    REGEDIT4

                                                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                    "Google Update"="c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-10 136176]
                                                    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-11 2424560]

                                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
                                                    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
                                                    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
                                                    "VTPreset"="VTPreset.exe" [2004-02-25 45056]
                                                    "BtcMaestro"="c:\program files\KMaestro\KMaestro.exe" [2004-05-05 237568]
                                                    "EssSpkPhone"="essspk.exe" [2002-05-31 167936]
                                                    "basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
                                                    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
                                                    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
                                                    "OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-05-20 86016]
                                                    "CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-09 45056]
                                                    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

                                                    c:\documents and settings\All Users\Start Menu\Programs\Startup\
                                                    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
                                                    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-19 805392]
                                                    Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]

                                                    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                                                    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-10-08 77824]

                                                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
                                                    2010-07-19 00:47   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

                                                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
                                                    2008-05-02 08:42   72208   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

                                                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
                                                    @=""

                                                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cloudmark SpamNet for OE.lnk]
                                                    backup=c:\windows\pss\Cloudmark SpamNet for OE.lnkCommon Startup

                                                    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dpcstart.lnk]
                                                    backup=c:\windows\pss\dpcstart.lnkCommon Startup

                                                    [HKLM\~\startupfolder\C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^ClickTray Calendar.lnk]
                                                    backup=c:\windows\pss\ClickTray Calendar.lnkStartup

                                                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                                                    "EnableFirewall"= 0 (0x0)

                                                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                                                    "%windir%\\system32\\sessmgr.exe"=
                                                    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
                                                    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
                                                    "c:\\WINDOWS\\system32\\mmc.exe"=
                                                    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
                                                    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
                                                    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
                                                    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
                                                    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
                                                    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
                                                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                                                    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

                                                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
                                                    "AllowInboundEchoRequest"= 1 (0x1)

                                                    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
                                                    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
                                                    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2008 11:57 PM 216400]
                                                    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/27/2008 11:57 PM 243024]
                                                    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/26/2010 3:45 PM 233136]
                                                    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 12872]
                                                    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 67656]
                                                    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/18/2010 7:46 PM 921440]
                                                    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/18/2010 7:47 PM 308136]
                                                    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/29/2010 8:14 PM 20072]
                                                    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [9/26/2010 3:46 PM 88040]
                                                    R2 SnapTHN;SnapTHN;c:\windows\system32\drivers\SNAPTHN.SYS [2/23/1998 5:56 PM 31104]
                                                    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [9/26/2010 3:44 PM 70664]
                                                    R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [9/26/2010 3:44 PM 58816]
                                                    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [9/26/2010 3:44 PM 115216]
                                                    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
                                                    S3 Dual Mode;Dual Mode Video Capture;c:\windows\system32\DRIVERS\CoachVc.sys --> c:\windows\system32\DRIVERS\CoachVc.sys [?]
                                                    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
                                                    S3 nuvaudio;Hauppauge WinTV USB Pro Audio Service;c:\windows\system32\DRIVERS\nuvaudio.sys --> c:\windows\system32\DRIVERS\nuvaudio.sys [?]
                                                    S3 NuVision;Hauppauge WinTV USB Live Pro;c:\windows\system32\drivers\Nuvision.sys [12/19/2002 3:56 PM 260144]
                                                    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 12872]
                                                    S3 USBNDIS;%USBNDIS.Service.DispName%;c:\windows\system32\DRIVERS\usbndis.sys --> c:\windows\system32\DRIVERS\usbndis.sys [?]
                                                    S4 DPCUSB;Satellite Receiver USB Driver;c:\windows\system32\Drivers\DPCUSB.sys --> c:\windows\system32\Drivers\DPCUSB.sys [?]
                                                    .
                                                    Contents of the 'Scheduled Tasks' folder

                                                    2010-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
                                                    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

                                                    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006Core.job
                                                    - c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 19:10]

                                                    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006UA.job
                                                    - c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-10 19:10]
                                                    .
                                                    .
                                                    ------- Supplementary Scan -------
                                                    .
                                                    uStart Page = hxxp://www.canoe.ca/
                                                    uInternet Settings,ProxyOverride = <local>
                                                    uInternet Settings,ProxyServer = http=localhost:8080
                                                    IE: Refresh Pa&ge with Full Quality - c:\program files\MTS Accelerator\pac-page.html
                                                    IE: Refresh Pi&cture with Full Quality - c:\program files\MTS Accelerator\pac-image.html
                                                    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                                                    FF - ProfilePath - c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\
                                                    FF - prefs.js: browser.startup.homepage - hxxp://en.canoe.ca/home.html
                                                    FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
                                                    FF - component: c:\documents and settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected]\components\PACMozComponent.dll
                                                    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
                                                    .
                                                    - - - - ORPHANS REMOVED - - - -

                                                    Notify-TPSvc - TPSvc.dll
                                                    AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
                                                    AddRemove-{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1 - c:\documents and settings\Wayne\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\unins000.exe


                                                    .
                                                    --------------------- LOCKED REGISTRY KEYS ---------------------

                                                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F7EC739-D5DE-8DF0-851B2E09AF27478A}\{9DB8FF8F-3E0D-CA6E-8233451919EA27FD}\{89229253-B827-099C-CFFB852028D69EA1}*]
                                                    "WE6X3HNHJXRI2CPMH2OUMP32VF1"=hex:01,00,01,00,00,00,00,00,6d,db,9e,e2,89,b8,a5,
                                                       65,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
                                                    .
                                                    --------------------- DLLs Loaded Under Running Processes ---------------------

                                                    - - - - - - - > 'winlogon.exe'(700)
                                                    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
                                                    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

                                                    - - - - - - - > 'explorer.exe'(3396)
                                                    c:\windows\system32\WININET.dll
                                                    c:\program files\Logitech\SetPoint\lgscroll.dll
                                                    c:\windows\system32\ieframe.dll
                                                    c:\program files\KMaestro\HidKeybd.dll
                                                    c:\windows\system32\WPDShServiceObj.dll
                                                    c:\windows\system32\PortableDeviceTypes.dll
                                                    c:\windows\system32\PortableDeviceApi.dll
                                                    .
                                                    ------------------------ Other Running Processes ------------------------
                                                    .
                                                    c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
                                                    c:\program files\AVG\AVG9\avgchsvx.exe
                                                    c:\program files\AVG\AVG9\avgrsx.exe
                                                    c:\program files\AVG\AVG9\avgcsrvx.exe
                                                    c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
                                                    c:\program files\PC Tools Firewall Plus\FWService.exe
                                                    c:\windows\System32\locator.exe
                                                    c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
                                                    c:\program files\AVG\AVG9\avgnsx.exe
                                                    c:\program files\AVG\AVG9\avgcsrvx.exe
                                                    c:\windows\system32\wscntfy.exe
                                                    c:\windows\essspk.exe
                                                    c:\documents and settings\Wayne\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
                                                    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
                                                    c:\program files\STOPzilla!\STOPzilla.exe
                                                    .
                                                    **************************************************************************
                                                    .
                                                    Completion time: 2010-10-14  18:09:12 - machine was rebooted
                                                    ComboFix-quarantined-files.txt  2010-10-14 23:08

                                                    Pre-Run: 275,573,174,272 bytes free
                                                    Post-Run: 275,562,561,536 bytes free

                                                    - - End Of File - - DB88A25472011ED62CAB7C60CB122CBB
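The "Supplementary Scan" block of the ComboFix log above is where a search or redirect hijack leaves its browser-level fingerprint: the Firefox `keyword.URL` preference (where address-bar text that is not a URL is sent) points at `www.veerboo.com`, and Internet Explorer is configured to relay all HTTP through `localhost:8080`. The script below is an added example, not code from the original post and not part of ComboFix or any of the tools named in the thread; it pulls those browser-facing settings out of a log and flags the ones a practitioner would check first. The sample input is copied from the Supplementary Scan lines posted above (ComboFix writes the scheme defanged as `hxxp`), and the allowlist of search hosts is an assumption for the example, not something ComboFix ships.

```python
"""Triage the 'Supplementary Scan' section of a ComboFix log.

Added example for this thread, not part of ComboFix. It extracts the IE proxy
and start-page lines and the Firefox prefs.js lines, then flags a keyword.URL
that points at an unrecognised host and a proxy that points at the local
machine. The allowlist is an assumption for the example.
"""
import re
from urllib.parse import urlparse

# Lines copied from the ComboFix output posted above; 'hxxp' is how
# ComboFix defangs URLs so they are not clickable in a forum post.
SAMPLE_LOG = """\
------- Supplementary Scan -------
.
uStart Page = hxxp://www.canoe.ca/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=localhost:8080
IE: Refresh Pa&ge with Full Quality - c:\\program files\\MTS Accelerator\\pac-page.html
FF - ProfilePath - c:\\documents and settings\\Wayne\\Application Data\\Mozilla\\Firefox\\Profiles\\d1lib2qr.default\\
FF - prefs.js: browser.startup.homepage - hxxp://en.canoe.ca/home.html
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: c:\\program files\\Mozilla Firefox\\components\\xpinstal.dll
.
- - - - ORPHANS REMOVED - - - -
"""

# Assumed allowlist: hosts a keyword.URL is expected to point at.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
IE_RE = re.compile(
    r"^u(Start Page|Internet Settings,ProxyServer|Internet Settings,ProxyOverride) = (.+)$"
)


def supplementary_section(log_text):
    """Return the non-empty lines between the Supplementary Scan header
    and the next '- - - -' divider (ComboFix uses '.' as a spacer)."""
    out, inside = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("------- Supplementary Scan"):
            inside = True
            continue
        if inside and s.startswith("- - - -"):
            break
        if inside and s and s != ".":
            out.append(s)
    return out


def refang(url):
    """Turn ComboFix's defanged hxxp:// back into http:// for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_of(url):
    return (urlparse(refang(url)).hostname or "").lower()


def parse_settings(lines):
    """Map 'ff:<pref>' and 'ie:<setting>' keys to their raw values."""
    settings = {}
    for s in lines:
        m = PREF_RE.match(s)
        if m:
            settings["ff:" + m.group(1)] = m.group(2).strip()
            continue
        m = IE_RE.match(s)
        if m:
            settings["ie:" + m.group(1)] = m.group(2).strip()
    return settings


def triage(log_text, allowed_search_hosts=KNOWN_SEARCH_HOSTS):
    """Return (setting, value, why-it-matters) tuples worth a closer look."""
    settings = parse_settings(supplementary_section(log_text))
    findings = []

    kw = settings.get("ff:keyword.URL")
    if kw and host_of(kw) not in allowed_search_hosts:
        findings.append((
            "keyword.URL", host_of(kw),
            "address-bar searches are sent to an unlisted host; "
            "inspect prefs.js and user.js in the profile path",
        ))

    proxy = settings.get("ie:Internet Settings,ProxyServer")
    if proxy:
        # Either 'proto=host:port;proto=host:port' or a bare 'host:port'.
        for pair in proxy.split(";"):
            target = pair.split("=", 1)[-1].strip()
            host = target.rsplit(":", 1)[0].lower()
            if host in ("localhost", "127.0.0.1"):
                findings.append((
                    "ProxyServer", target,
                    "HTTP is relayed through a local listener; identify the "
                    "process bound to that port before removing the setting",
                ))
    return findings


if __name__ == "__main__":
    for setting, value, note in triage(SAMPLE_LOG):
        print(f"{setting:12} {value:24} {note}")
```

Run against the posted log this reports the `keyword.URL` host `www.veerboo.com` and the `localhost:8080` proxy. Both are "verify" items rather than "delete" items: the same Supplementary Scan lists MTS Accelerator (Propel) context-menu entries, and that product works precisely by installing a local HTTP proxy, so the proxy line may be legitimate on this machine; the `keyword.URL` change has no such explanation in the log and is the setting a search hijacker typically rewrites, which is why it is worth checking first.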

                                                    jwfilion

                                                      Topic Starter


                                                      Intermediate

                                                      Re: Please help, being hijacked while web surfing...
                                                      « Reply #46 on: October 14, 2010, 11:16:27 PM »
                                                      Jacked again. Ran the OTL scan (Minimal Output, LOP & Purity checked)

                                                      OTL logfile created on: 10/14/2010 10:15:19 PM - Run 9
                                                      OTL by OldTimer - Version 3.2.15.1     Folder = C:\Documents and Settings\Wayne\Desktop
                                                      Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                                                      Internet Explorer (Version = 7.0.5730.11)
                                                      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                                                       
                                                      2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
                                                      2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
                                                      Paging file location(s): C:\pagefile.sys 360 720 [binary data]
                                                       
                                                      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                                                      Drive C: | 298.09 Gb Total Space | 256.63 Gb Free Space | 86.09% Space Free | Partition Type: NTFS
                                                       
                                                      Computer Name: OWNER-X35LSKRDA | User Name: Wayne | Logged in as Administrator.
                                                      Boot Mode: Normal | Scan Mode: Current user
                                                      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                                       
                                                      ========== Processes (SafeList) ==========
                                                       
                                                      PRC - C:\Documents and Settings\Wayne\Desktop\OTL.exe (OldTimer Tools)
                                                      PRC - C:\Documents and Settings\Wayne\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
                                                      PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
                                                      PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
                                                      PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
                                                      PRC - C:\Program Files\STOPzilla!\STOPzilla.exe (iS3, Inc.)
                                                      PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
                                                      PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
                                                      PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
                                                      PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
                                                      PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
                                                      PRC - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
                                                      PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
                                                      PRC - C:\Program Files\MTS Accelerator\PropelAC.exe (Propel Software Corporation)
                                                      PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe (SiSoftware)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
PRC - C:\Program Files\KMaestro\Kmaestro.exe (BTC)
PRC - C:\WINDOWS\essspk.exe ()
PRC - C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Wayne\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\system32\hid.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\KMaestro\HidKeybd.dll (BTC)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe (SiSoftware)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBNDIS) -- C:\WINDOWS\System32\DRIVERS\usbndis.sys File not found
DRV - (nuvaudio) -- C:\WINDOWS\System32\DRIVERS\nuvaudio.sys File not found
DRV - (LMouKE) -- C:\WINDOWS\System32\Drivers\LMouKE.sys File not found
DRV - (LHidUsbK) -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys File not found
DRV - (Dual Mode) -- C:\WINDOWS\System32\DRIVERS\CoachVc.sys File not found
DRV - (DPCUSB) -- C:\WINDOWS\System32\Drivers\DPCUSB.sys File not found
DRV - (CoachUsb) -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\szkgfs.sys (iS3, Inc.)
DRV - (cpuz133) -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools)
DRV - (szkg5) -- C:\WINDOWS\system32\DRIVERS\szkg.sys (iS3 Inc.)
DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.)
DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys (SiSoftware)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (eMPIA Technology, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (NuVision) -- C:\WINDOWS\system32\drivers\Nuvision.sys (Hauppauge Computer Works)
DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (Edspport) -- C:\WINDOWS\system32\drivers\es56hpi.sys (ESS Technology, Inc.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (VIAPFD) -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS (VIA Technologies. Inc.)
DRV - (ViaIde) -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (SnapTHN) -- C:\WINDOWS\System32\drivers\SNAPTHN.SYS (Play Incorporated)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en.canoe.ca/home.html"
FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718
FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2008.5.13
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:1.6.4
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.13
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/24 19:05:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/29 14:13:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/05 13:21:09 | 000,000,000 | ---D | M]

[2010/09/22 13:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions
[2010/09/22 13:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/14 21:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions
[2008/09/07 19:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected]
[2010/09/15 19:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\SearchHelper
[2008/05/27 22:59:05 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\dictionary.xml
[2010/09/15 19:51:59 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\GoogleFeed.xml
[2010/10/14 21:53:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/23 00:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/21 02:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/12/20 00:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/12/21 14:43:06 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/12/21 14:43:06 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/12/21 14:43:06 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008/12/21 14:43:06 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/12/21 14:43:07 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/05 13:18:11 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/10/14 17:53:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\MTS Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\KMaestro\Kmaestro.exe (BTC)
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [EssSpkPhone] C:\WINDOWS\essspk.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
O4 - HKLM..\Run: [VTPreset] C:\WINDOWS\System32\VTPreset.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\MTS Accelerator\pac-page.html ()
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\MTS Accelerator\pac-image.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37623.4285648148 (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\aptera.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\aptera.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/08 09:25:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/14 18:21:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/14 17:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/14 17:35:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/13 20:52:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/13 20:35:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/11 23:42:12 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
[2010/10/10 14:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Local Settings\Application Data\Temp
[2010/10/10 00:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Art Stuff
[2010/10/10 00:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Desktop Nudes
[2010/10/10 00:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Fixed Folder
[2010/10/10 00:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\MyStuff
[2010/10/10 00:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Recipes
[2010/10/10 00:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Temp Pics
[2010/10/10 00:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Video Editing
[2010/10/10 00:10:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\Desktop
[2010/10/06 19:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/10/05 13:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
[2010/10/03 23:37:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/03 23:13:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/03 23:13:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/03 22:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\New Folder
[2010/09/30 20:34:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne\Recent
[2010/09/29 14:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010/09/26 15:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
[2010/09/26 15:46:02 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/09/26 15:46:02 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/09/26 15:45:54 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/09/26 15:44:31 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2010/09/26 15:44:31 | 000,058,816 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
[2010/09/26 15:44:31 | 000,032,680 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2010/09/26 15:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/26 15:44:28 | 000,115,216 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2010/09/26 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
[2010/09/26 04:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/09/25 10:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/09/25 00:00:27 | 000,000,000 | ---D | C] -- C:\671feffc3b70b88a397bd6f620fbac40
[2010/09/24 11:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/09/24 10:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\RegRun2
[2010/09/23 20:33:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/09/23 20:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/09/23 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/09/21 01:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/20 18:08:16 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010/09/20 18:08:16 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2010/09/20 18:08:16 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
                                                      [2010/09/20 18:08:14 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
                                                      [2010/09/20 18:08:14 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
                                                      [2010/09/20 18:08:14 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
                                                      [2010/09/20 18:08:14 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
                                                      [2010/09/20 18:08:14 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
                                                      [2010/09/20 18:08:12 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
                                                      [2010/09/20 18:08:12 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
                                                      [2010/09/20 18:08:12 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
                                                      [2010/09/20 18:08:12 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
                                                      [2010/09/15 19:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
                                                      [2010/05/26 00:21:38 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
                                                      [2001/07/06 16:59:54 | 000,372,736 | ---- | C] (Ed Halley - http://www.halley.cc/stuff/) -- C:\Program Files\Dragnifier.exe
                                                      [24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
                                                      [126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
                                                       
                                                      ========== Files - Modified Within 30 Days ==========
                                                       
                                                      [2010/10/14 22:15:10 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006UA.job
                                                      [2010/10/14 22:04:38 | 000,000,303 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
                                                      [2010/10/14 22:03:51 | 000,100,660 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Puppy.jpg
                                                      [2010/10/14 18:18:39 | 066,317,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
                                                      [2010/10/14 18:10:29 | 000,000,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
                                                      [2010/10/14 17:54:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
                                                      [2010/10/14 17:53:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
                                                      [2010/10/14 17:52:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
                                                      [2010/10/14 14:15:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006Core.job
                                                      [2010/10/14 01:23:39 | 001,066,274 | ---- | M] () -- C:\WINDOWS\aptera.bmp
                                                      [2010/10/13 20:12:07 | 003,878,092 | R--- | M] () -- C:\Documents and Settings\Wayne\Desktop\ComboFix.exe
                                                      [2010/10/12 15:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
                                                      [2010/10/12 00:58:10 | 000,001,257 | ---- | M] () -- C:\WINDOWS\goldwave.ini
                                                      [2010/10/11 23:43:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
                                                      [2010/10/11 19:34:34 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
                                                      [2010/10/10 15:26:55 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Google Chrome.lnk
                                                      [2010/10/10 15:26:55 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
                                                      [2010/10/10 13:33:15 | 000,736,854 | ---- | M] () -- C:\WINDOWS\CNorris.bmp
                                                      [2010/10/09 23:20:30 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue2.bmp
                                                      [2010/10/08 00:49:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue.bmp
                                                      [2010/10/07 18:05:51 | 000,736,854 | ---- | M] () -- C:\WINDOWS\EmmaB.bmp
                                                      [2010/10/07 14:39:21 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Alicia2.bmp
                                                      [2010/10/07 00:23:32 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue2.bmp
                                                      [2010/10/06 13:06:11 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue.bmp
                                                      [2010/10/05 17:46:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue2.bmp
                                                      [2010/10/05 14:22:00 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue.bmp
                                                      [2010/10/05 13:21:29 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
                                                      [2010/10/03 23:37:58 | 000,000,337 | RHS- | M] () -- C:\boot.ini
                                                      [2010/10/01 23:35:41 | 000,960,054 | ---- | M] () -- C:\WINDOWS\Bugatti.bmp
                                                      [2010/10/01 14:35:35 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk
                                                      [2010/09/30 17:48:29 | 000,979,254 | ---- | M] () -- C:\WINDOWS\ssc-ultimate-aero.bmp
                                                      [2010/09/30 11:42:57 | 001,274,454 | ---- | M] () -- C:\WINDOWS\Roadster2.bmp
                                                      [2010/09/30 10:31:47 | 001,200,054 | ---- | M] () -- C:\WINDOWS\Saleen_S7.bmp
                                                      [2010/09/30 08:43:24 | 001,440,054 | ---- | M] () -- C:\WINDOWS\car0.bmp
                                                      [2010/09/29 14:13:10 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
                                                      [2010/09/24 11:26:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
                                                      [2010/09/24 11:26:37 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
                                                      [2010/09/24 11:26:37 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
                                                      [2010/09/23 20:33:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
                                                      [2010/09/23 17:00:03 | 001,440,998 | ---- | M] () -- C:\WINDOWS\car00.bmp
                                                      [2010/09/20 18:08:16 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
                                                      [2010/09/20 18:08:16 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
                                                      [2010/09/20 18:08:16 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
                                                      [2010/09/20 18:08:14 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
                                                      [2010/09/20 18:08:14 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
                                                      [2010/09/20 18:08:14 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
                                                      [2010/09/20 18:08:14 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
                                                      [2010/09/20 18:08:14 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
                                                      [2010/09/20 18:08:12 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
                                                      [2010/09/20 18:08:12 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
                                                      [2010/09/20 18:08:12 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
                                                      [2010/09/20 18:08:12 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
                                                      [2010/09/20 17:17:05 | 001,296,998 | ---- | M] () -- C:\WINDOWS\car10.bmp
                                                      [2010/09/20 14:56:40 | 001,440,998 | ---- | M] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp
                                                      [2010/09/19 14:45:35 | 000,016,826 | -H-- | M] () -- C:\WINDOWS\vuepro32.GID
                                                      [2010/09/18 15:12:24 | 001,121,798 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron2.bmp
                                                      [2010/09/18 14:45:20 | 000,896,198 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron.bmp
                                                      [2010/09/18 02:11:51 | 001,356,054 | ---- | M] () -- C:\WINDOWS\McLaren2.bmp
                                                      [2010/09/18 01:39:44 | 001,083,398 | ---- | M] () -- C:\WINDOWS\McLaren3.bmp
                                                      [126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
                                                       
                                                      ========== Files Created - No Company Name ==========
                                                       
                                                      [2010/10/14 18:09:48 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
                                                      [2010/10/14 17:35:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
                                                      [2010/10/14 17:35:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
                                                      [2010/10/13 19:52:30 | 003,878,092 | R--- | C] () -- C:\Documents and Settings\Wayne\Desktop\ComboFix.exe
                                                      [2010/10/13 16:13:31 | 001,066,274 | ---- | C] () -- C:\WINDOWS\aptera.bmp
                                                      [2010/10/10 15:26:55 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
                                                      [2010/10/10 15:26:54 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Google Chrome.lnk
                                                      [2010/10/10 14:10:50 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006UA.job
                                                      [2010/10/10 14:10:50 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3025990876-1698683601-3399203189-1006Core.job
                                                      [2010/10/10 13:29:25 | 000,736,854 | ---- | C] () -- C:\WINDOWS\CNorris.bmp
                                                      [2010/10/08 01:02:05 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Preponvue2.bmp
                                                      [2010/10/07 14:50:51 | 000,736,854 | ---- | C] () -- C:\WINDOWS\EmmaB.bmp
                                                      [2010/10/07 14:18:08 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Alicia2.bmp
                                                      [2010/10/07 00:23:32 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue2.bmp
                                                      [2010/10/05 22:03:47 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue.bmp
                                                      [2010/10/05 18:59:39 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Preponvue.bmp
                                                      [2010/10/04 19:47:56 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue2.bmp
                                                      [2010/10/03 23:37:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
                                                      [2010/10/03 23:13:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
                                                      [2010/10/03 23:13:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
                                                      [2010/10/03 23:13:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
                                                      [2010/10/03 03:02:05 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue.bmp
                                                      [2010/10/01 14:35:35 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk
                                                      [2010/09/28 18:29:34 | 001,274,454 | ---- | C] () -- C:\WINDOWS\Roadster2.bmp
                                                      [2010/09/26 15:46:02 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
                                                      [2010/09/26 15:46:02 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
                                                      [2010/09/26 15:45:54 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
                                                      [2010/09/26 15:44:31 | 000,007,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat
                                                      [2010/09/26 15:44:31 | 000,007,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-DNS.cat
                                                      [2010/09/26 15:44:28 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplfw.cat
                                                      [2010/09/24 10:57:40 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
                                                      [2010/09/23 20:26:06 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
                                                      [2010/09/23 17:00:03 | 001,440,998 | ---- | C] () -- C:\WINDOWS\car00.bmp
                                                      [2010/09/22 12:54:42 | 001,440,054 | ---- | C] () -- C:\WINDOWS\car0.bmp
                                                      [2010/09/20 17:17:05 | 001,296,998 | ---- | C] () -- C:\WINDOWS\car10.bmp
                                                      [2010/09/20 14:56:40 | 001,440,998 | ---- | C] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp
                                                      [2010/09/18 15:12:25 | 001,121,798 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron2.bmp
                                                      [2010/09/18 14:45:20 | 000,896,198 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron.bmp
                                                      [2010/09/18 01:39:44 | 001,083,398 | ---- | C] () -- C:\WINDOWS\McLaren3.bmp
                                                      [2010/09/18 01:06:40 | 001,356,054 | ---- | C] () -- C:\WINDOWS\McLaren2.bmp
                                                      [2010/05/26 00:36:35 | 000,000,085 | ---- | C] () -- C:\WINDOWS\lagarith.ini
                                                      [2010/05/10 22:47:00 | 000,000,090 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
                                                      [2010/04/21 22:46:50 | 000,000,568 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
                                                      [2010/01/17 03:44:57 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
                                                      [2010/01/17 03:44:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
                                                      [2010/01/17 03:44:54 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
                                                      [2010/01/17 03:44:54 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
                                                      [2010/01/17 03:44:51 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
                                                      [2009/12/15 00:38:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
                                                      [2009/08/01 20:55:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
                                                      [2009/08/01 20:55:29 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\KPSYS32.DLL
                                                      [2008/05/30 13:31:47 | 007,151,616 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
                                                      [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
                                                      [2007/02/11 16:39:25 | 000,004,535 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
                                                      [2007/02/07 00:58:00 | 000,000,846 | ---- | C] () -- C:\WINDOWS\xxclone.ini
                                                      [2005/05/20 13:25:42 | 000,000,303 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
                                                      [2005/05/16 19:40:23 | 000,000,433 | ---- | C] () -- C:\WINDOWS\System32\imgdatwin.dll
                                                      [2005/05/16 19:40:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\imgstpath.dll
                                                      [2005/05/16 19:39:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\LtDlgRes14n.dll
                                                      [2005/05/08 19:17:22 | 000,024,575 | ---- | C] () -- C:\WINDOWS\System32\Winapppiobas50.dll
                                                      [2005/05/08 19:16:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
                                                      [2005/05/08 19:16:01 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
                                                      [2004/09/30 18:23:07 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
                                                      [2004/09/30 18:15:44 | 000,000,440 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
                                                      [2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
                                                      [2004/09/06 19:04:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
                                                      [2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
                                                      [2004/08/27 01:00:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\POSTER.INI
                                                      [2004/08/19 16:33:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
                                                      [2004/07/13 12:12:22 | 000,000,583 | ---- | C] () -- C:\WINDOWS\videoimp.ini
                                                      [2004/04/06 14:28:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\sversion.ini
                                                      [2004/04/01 12:40:14 | 000,000,263 | ---- | C] () -- C:\WINDOWS\phedit.ini
                                                      [2004/03/24 15:52:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\jppc.INI
                                                      [2004/03/19 15:36:51 | 002,270,720 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll
                                                      [2004/03/19 15:36:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\LFTIF60N.DLL
                                                      [2004/03/19 15:36:51 | 000,043,008 | ---- | C] () -- C:\WINDOWS\LTFIL60N.DLL
                                                      [2004/03/19 15:36:51 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFTGA60N.DLL
                                                      [2004/03/19 15:36:50 | 000,141,824 | ---- | C] () -- C:\WINDOWS\LFCMP60N.DLL
                                                      [2004/03/19 15:36:50 | 000,110,080 | ---- | C] () -- C:\WINDOWS\LFPNG60N.DLL
                                                      [2004/03/19 15:36:50 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFPCX60N.DLL
                                                      [2004/03/19 15:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFGIF60N.DLL
                                                      [2004/03/19 15:36:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LFPSD60N.DLL
                                                      [2004/03/19 15:36:50 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFRAS60N.DLL
                                                      [2004/03/19 15:36:18 | 000,399,350 | ---- | C] () -- C:\WINDOWS\ACCUGLD5.DLL
                                                      [2004/03/19 15:36:18 | 000,026,233 | ---- | C] () -- C:\WINDOWS\ACCUIFGL.DLL
                                                      [2004/02/09 04:25:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
                                                      [2003/11/08 18:43:56 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
                                                      [2003/07/12 14:19:54 | 000,000,107 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI
                                                      [2003/05/14 21:48:41 | 000,000,300 | ---- | C] () -- C:\WINDOWS\vuesav32.ini
                                                      [2003/05/14 11:03:50 | 000,004,673 | ---- | C] () -- C:\WINDOWS\WININIT.INI
                                                      [2003/02/08 21:41:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cosdtp.ini
                                                      [2003/01/07 00:06:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Magic40.INI
                                                      [2003/01/01 22:39:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
                                                      [2002/12/23 17:11:27 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
                                                      [2002/12/23 17:11:26 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
                                                      [2002/12/22 20:46:27 | 000,006,592 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
                                                      [2002/12/22 20:46:27 | 000,001,257 | ---- | C] () -- C:\WINDOWS\goldwave.ini
                                                      [2002/12/22 18:25:52 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
                                                      [2002/12/21 20:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
                                                      [2002/12/21 15:19:17 | 000,007,411 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
                                                      [2002/12/19 15:56:11 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
                                                      [2002/12/19 15:04:25 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
                                                      [2002/12/19 15:04:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
                                                      [2002/12/19 15:04:25 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
                                                      [2002/12/19 15:04:02 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
                                                      [2002/12/19 00:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
                                                      [2002/12/19 00:52:36 | 000,001,871 | ---- | C] () -- C:\WINDOWS\mp3maker.INI
                                                      [2002/12/19 00:50:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
                                                      [2002/12/18 15:13:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dpcnav.INI
                                                      [2002/12/18 15:05:00 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\inavevnt.dll
                                                      [2002/12/17 19:49:46 | 000,000,896 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
                                                      [2002/12/17 19:49:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
                                                      [2002/12/17 00:20:57 | 000,001,952 | ---- | C] () -- C:\WINDOWS\SCANFX.INI
                                                      [2002/12/15 20:17:09 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                                                      [2002/10/30 15:49:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
                                                      [2002/10/08 11:02:24 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
                                                      [2002/10/08 04:14:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
                                                      [2002/09/10 10:10:05 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
                                                      [2001/07/06 23:47:50 | 000,003,149 | ---- | C] () -- C:\Program Files\ReadMe.txt
                                                      [1999/10/06 17:48:28 | 000,016,476 | ---- | C] () -- C:\WINDOWS\System32\Snapv16.drv
                                                       
                                                      ========== LOP Check ==========
                                                       
                                                      [2009/11/18 12:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
                                                      [2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
                                                      [2010/09/23 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
                                                      [2009/01/08 23:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
                                                      [2009/07/20 23:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
                                                      [2008/05/31 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
                                                      [2009/07/03 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
                                                      [2010/10/14 22:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
                                                      [2010/10/14 17:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                                                      [2010/05/03 14:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
                                                      [2004/09/30 18:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
                                                      [2008/08/08 16:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
                                                      [2006/11/27 21:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\101 Software
                                                      [2010/06/06 19:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\DeepBurner
                                                      [2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\eBay
                                                      [2008/02/19 17:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Forte
                                                      [2009/04/01 02:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit
                                                      [2010/10/05 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
                                                      [2009/03/07 02:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\GrabPro
                                                      [2010/09/09 13:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\gtk-2.0
                                                      [2009/04/24 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\hott notes 4
                                                      [2010/02/18 22:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\ImTOO Software Studio
                                                      [2008/09/22 15:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\IrfanView
                                                      [2009/05/01 13:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\K-Meleon
                                                      [2010/07/31 10:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leadertech
                                                      [2010/01/18 23:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leawo
                                                      [2006/11/28 09:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\M8 Software
                                                      [2008/01/25 12:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\MP3Rocket
                                                      [2010/10/10 14:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Opera
                                                      [2009/03/07 03:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Orbit
                                                      [2010/09/26 15:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
                                                      [2010/01/13 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Pegasys Inc
                                                      [2010/05/11 05:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\STOIK
                                                      [2010/09/22 13:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Thunderbird
                                                      [2010/05/03 17:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Trusteer
                                                      [2002/12/18 03:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Ulead Systems
                                                      [2008/12/24 01:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\XnView
                                                       
                                                      ========== Purity Check ==========
                                                       
                                                       
                                                       
                                                      ========== Alternate Data Streams ==========
                                                       
                                                      @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
                                                      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
                                                      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

                                                      < End of report >
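The "Alternate Data Streams" section of the OTL report above lists three streams attached to the All Users TEMP folder. ADS is a classic hiding place because Explorer and a plain `dir` do not show them, so it is worth being able to enumerate them without a third-party tool. The following PowerShell script is an added example written for this thread, not part of OTL or of the poster's logs; it lists every alternate stream under a folder in the same "bytes -> path:stream" shape OTL uses and previews each stream's content so an analyst can tell a harmless Zone.Identifier or tracking blob from something worth escalating. It assumes PowerShell 3.0 or later (for the `-Stream` parameter) and defaults to the folder OTL flagged, which is an assumption about where that folder lives on the machine being checked.

```powershell
<#
  Added example, not from the thread or from OTL: list NTFS alternate data
  streams (ADS) under a folder, in the same "bytes -> path:stream" shape the
  OTL "Alternate Data Streams" section uses. Requires PowerShell 3.0 or later
  for the -Stream parameter of Get-Item / Get-Content. The default path is an
  assumption matching the folder OTL flagged above; change it as needed.
#>
param(
    [string]$Root = (Join-Path $env:ALLUSERSPROFILE 'Application Data\TEMP')
)

function Get-AlternateDataStreams {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return }

    # Directories can carry streams too (the OTL entries above sit on the TEMP
    # folder itself), so inspect the root item and then walk its children.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        # ':$DATA' is the unnamed stream holding a file's normal contents;
        # anything with another name is an alternate stream.
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Stream = $_.Stream
                    Length = $_.Length
                }
            }
    }
}

function Show-StreamPreview {
    # Print the first characters of a stream as text so the analyst can see
    # whether it is a browser zone marker, a tracking blob, or something else.
    param([string]$Path, [string]$Stream, [int]$Chars = 200)
    $text = Get-Content -LiteralPath $Path -Stream $Stream -Raw -ErrorAction SilentlyContinue
    if ($text) { $text.Substring(0, [Math]::Min($Chars, $text.Length)) }
}

$streams = @(Get-AlternateDataStreams -Path $Root)
foreach ($s in $streams) {
    '@Alternate Data Stream - {0} bytes -> {1}:{2}' -f $s.Length, $s.Path, $s.Stream
    Show-StreamPreview -Path $s.Path -Stream $s.Stream
}
if ($streams.Count -eq 0) { "No alternate data streams found under $Root" }
```

Run it as `.\Get-Ads.ps1` (or pass `-Root C:\SomeFolder`) in an elevated PowerShell so hidden and system items are readable. Once a stream has been reviewed and judged unwanted, `Remove-Item -LiteralPath <path> -Stream <name>` deletes only that stream and leaves the file or folder itself intact.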

                                                      SuperDave

                                                      • Malware Removal Specialist
                                                      • Moderator
                                                      Re: Please help, being hijacked while web surfing...
                                                      « Reply #47 on: October 15, 2010, 12:12:55 PM »
                                                      I've sent a PM to my mentor to look at this problem, but it may take a few days for him to respond. I hope this is not too much of an inconvenience to you.
                                                      Windows 8 and Windows 10 dual boot with two SSD's

                                                        jwfilion

                                                          Topic Starter

                                                        Re: Please help, being hijacked while web surfing...
                                                        « Reply #48 on: October 15, 2010, 02:19:12 PM »
                                                        SuperDave, no inconvenience at all. You have been more than patient. I can wait.

                                                        Wayne

                                                          TonyS9
                                                          Re: Please help, being hijacked while web surfing...
                                                          « Reply #49 on: October 16, 2010, 03:37:20 AM »
                                                          Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.
                                                          « Last Edit: October 16, 2010, 01:05:07 PM by SuperDave »

                                                          jwfilion

                                                            Topic Starter

                                                            Re: Please help, being hijacked while web surfing...
                                                            « Reply #50 on: October 16, 2010, 01:34:38 PM »
                                                            I would not insult the intelligence of the kind people on this site, who volunteer their precious time and knowledge, by not doing as much as possible to remedy the problem myself using the self-help posted here.

                                                            SuperDave

                                                            • Malware Removal Specialist
                                                            • Moderator
                                                            Re: Please help, being hijacked while web surfing...
                                                            « Reply #51 on: October 20, 2010, 05:44:50 PM »
                                                            Please download GooredFix from one of the locations below and save it to your Desktop
                                                            Download Mirror #1
                                                            Download Mirror #2
                                                            • Ensure all Firefox browser windows are closed.
                                                            • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
                                                            • When prompted to run the scan, click Yes.
                                                            • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

                                                            Windows 8 and Windows 10 dual boot with two SSD's

                                                            jwfilion

                                                              Topic Starter

                                                              Re: Please help, being hijacked while web surfing...
                                                              « Reply #52 on: October 21, 2010, 10:40:46 AM »
                                                              Hi SuperDave, I think I may have accidentally cured this problem by experimenting with Firefox. I removed it from my computer completely to see if this bug would somehow migrate to another browser (Chrome). I used it for a few days, with no sign of any hijacking. I then loaded Firefox again, and have been using it for several hours without incident, again, knock on wood. Below is the log...

                                                              GooredFix by jpshortstuff (03.07.10.1)
                                                              Log created at 02:08 on 21/10/2010 (Wayne)
                                                              Firefox version 2.0.0.11 (en-US)

                                                              ========== GooredScan ==========

                                                              (none)

                                                              ========== GooredLog ==========

                                                              C:\Program Files\Mozilla Firefox\extensions\
                                                              [email protected] [06:31 21/10/2010]
                                                              {972ce4c6-7e08-4474-a285-3208198ce6fd} [06:31 21/10/2010]

                                                              C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\qddlnzpx.default\extensions\
                                                              (none)

                                                              [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
                                                              (Key not found)

                                                              -=E.O.F=-
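The GooredFix log above is, in effect, an inventory of the three places Firefox of that era loaded extensions from: the extensions folder under the install directory, the extensions folder inside the user's profile, and the HKLM\Software\Mozilla\Firefox\Extensions registry key. Search-redirect hijacks of this kind are frequently carried by a sideloaded extension, so being able to repeat that inventory on demand, and diff it against a known-good run, is a useful defender habit. The PowerShell script below is an added example for this thread, not GooredFix's own code; it walks the same three locations, adds the HKCU and Wow6432Node variants of the registry key, and also reads each profile's extensions.json manifest, which current Firefox builds maintain (that manifest, and the `addons` array with `id`, `type` and `path` fields inside it, is an assumption about the modern file format and was not part of the 2010 checks). It assumes PowerShell 3.0 or later.

```powershell
<#
  Added example, not from the thread or from GooredFix: inventory every
  location Firefox loads extensions from, so the checks GooredFix reports
  above can be repeated on any machine and compared over time.
  Requires PowerShell 3.0 or later. The extensions.json layout (an "addons"
  array with id/type/path) is assumed from current Firefox profiles.
#>

function New-Entry($Source, $Name, $Path, $Modified) {
    # One row of the inventory; emitted to the pipeline by the caller.
    [pscustomobject]@{ Source = $Source; Name = $Name; Path = $Path; Modified = $Modified }
}

function Get-FirefoxExtensionInventory {
    # 1. Extensions shipped in the install directory (32- and 64-bit locations).
    $installDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } |
        ForEach-Object { Join-Path $_ 'Mozilla Firefox\extensions' }
    foreach ($dir in $installDirs) {
        if (Test-Path -LiteralPath $dir) {
            foreach ($e in Get-ChildItem -LiteralPath $dir -Force) {
                New-Entry 'InstallDir' $e.Name $e.FullName $e.LastWriteTime
            }
        }
    }

    # 2. Each profile's extensions folder and its extensions.json manifest.
    $profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path -LiteralPath $profileRoot) {
        foreach ($profile in Get-ChildItem -LiteralPath $profileRoot -Directory) {
            $extDir = Join-Path $profile.FullName 'extensions'
            if (Test-Path -LiteralPath $extDir) {
                foreach ($e in Get-ChildItem -LiteralPath $extDir -Force) {
                    New-Entry "Profile:$($profile.Name)" $e.Name $e.FullName $e.LastWriteTime
                }
            }
            $manifest = Join-Path $profile.FullName 'extensions.json'
            if (Test-Path -LiteralPath $manifest) {
                $json = Get-Content -LiteralPath $manifest -Raw | ConvertFrom-Json
                foreach ($addon in $json.addons) {
                    if ($addon.type -eq 'extension') {
                        New-Entry "Manifest:$($profile.Name)" $addon.id $addon.path $null
                    }
                }
            }
        }
    }

    # 3. Registry-declared (sideloaded) extensions: each value name is an
    #    extension ID and its data is the install path Firefox will load.
    $keys = 'HKLM:\Software\Mozilla\Firefox\Extensions',
            'HKLM:\Software\Wow6432Node\Mozilla\Firefox\Extensions',
            'HKCU:\Software\Mozilla\Firefox\Extensions'
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) {
            $item = Get-Item -LiteralPath $key
            foreach ($name in $item.GetValueNames()) {
                New-Entry $key $name ($item.GetValue($name)) $null
            }
        }
    }
}

# Build the inventory and display it. Exporting the table (Export-Csv) and
# comparing it with a later run (Compare-Object) turns this into a simple
# change detector for unexpected extension installs.
$inventory = @(Get-FirefoxExtensionInventory)
if ($inventory.Count -eq 0) {
    'No Firefox extensions found in any checked location.'
} else {
    $inventory | Sort-Object Source, Name | Format-Table -AutoSize
}
```

Anything that appears under a registry key or an install-directory folder without the user having installed it, or whose path points outside the Firefox and profile directories, deserves a closer look; the default theme GUID and the bundled extension IDs a stock install ships with will be present on a clean machine, so a baseline run is what makes the comparison meaningful.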

                                                              SuperDave

                                                              • Malware Removal Specialist
                                                              • Moderator
                                                              Re: Please help, being hijacked while web surfing...
                                                              « Reply #53 on: October 21, 2010, 01:38:01 PM »
                                                              Well, that's good news. Let's give it a few days. If it's fixed post back again and we'll do whatever cleanup is necessary.
                                                              Windows 8 and Windows 10 dual boot with two SSD's

                                                              jwfilion

                                                                Topic Starter

                                                                Re: Please help, being hijacked while web surfing...
                                                                « Reply #54 on: October 30, 2010, 08:51:11 PM »
                                                                Hi SuperDave, well I've given it a week of constant surfing so far, and there is no evidence that the bug is still around. I have used three different browsers and found no problem. Thanks kindly for all your patience. You mentioned something about a cleanup?

                                                                SuperDave

                                                                • Malware Removal Specialist
                                                                • Moderator
                                                                Re: Please help, being hijacked while web surfing...
                                                                « Reply #55 on: October 31, 2010, 10:35:06 AM »
                                                                That's good news. We'll just do some cleanup.

                                                                * Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
                                                                * Now type Combofix /uninstall in the runbox
                                                                * Make sure there's a space between Combofix and /Uninstall
                                                                * Then hit Enter

                                                                * The above procedure will:
                                                                * Delete the following:
                                                                * ComboFix and its associated files and folders.
                                                                * Reset the clock settings.
                                                                * Hide file extensions, if required.
                                                                * Hide System/Hidden files, if required.
                                                                * Set a new, clean Restore Point.
                                                                **********************************
                                                                To remove all of the tools we used and the files and folders they created do the following:
                                                                Double click OTL.exe.
                                                                • Click the CleanUp button.
                                                                • Select Yes when the "Begin cleanup Process?" prompt appears.
                                                                • If you are prompted to Reboot during the cleanup, select Yes.
                                                                • The tool will delete itself once it finishes.
                                                                Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                                                                **************************************
                                                                Clean out your temporary internet files and temp files.

                                                                Download TFC by OldTimer to your desktop.

                                                                Double-click TFC.exe to run it.

                                                                Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                                                TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                                                * Click the Start button to begin the cleaning process.
                                                                * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                                                * Please let TFC run uninterrupted until it is finished.

                                                                Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                                                                *****************************************
                                                                Use the Secunia Software Inspector to check for out of date software.

                                                                • Click Start Now
                                                                • Check the box next to Enable thorough system inspection.
                                                                • Click Start
                                                                • Allow the scan to finish and scroll down to see if any updates are needed.
                                                                • Update anything listed.
                                                                ----------

                                                                Go to Microsoft Windows Update and get all critical updates.

                                                                ----------

                                                                I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                                                SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
                                                                * Using SpywareBlaster to protect your computer from Spyware and Malware
                                                                * If you don't know what ActiveX controls are, see here

                                                                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                                                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                                                Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                                                Safe Surfing!

                                                                Windows 8 and Windows 10 dual boot with two SSD's