Author Topic: Please help, being hijacked while web surfing...  (Read 31469 times)

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
Re: Please help, being hijacked while web surfing...
« Reply #15 on: October 06, 2010, 04:57:44 PM »
Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    File::
    c:\windows\system32\SET284.tmp
    c:\windows\system32\SET45A.tmp

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this action.
**************************
Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
Windows 8 and Windows 10 dual boot with two SSD's

jwfilion

    Topic Starter


    Intermediate

    Re: Please help, being hijacked while web surfing...
    « Reply #16 on: October 06, 2010, 09:41:43 PM »
    Thanks SuperDave. Unfortunately, the script did not get ComboFix running. After many attempts, I got no farther than I did before, so I just said screw it! Below is the log you asked for...

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    >SSDT State
    ==============================================
    ntoskrnl.exe-->NtAllocateVirtualMemory, Type: Address change 0x80568FCA-->B555D752 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtAssignProcessToJobObject, Type: Address change 0x805A253D-->B555D440 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtConnectPort, Type: Address change 0x8058C63A-->B555D482 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtCreateFile, Type: Address change 0x8056CF98-->B555D530 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtCreateProcess, Type: Address change 0x805B14AC-->B555DDD8 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtCreateProcessEx, Type: Address change 0x8057FE4C-->B555DE64 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtCreateThread, Type: Address change 0x80587A3C-->B555DEF4 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtDebugActiveProcess, Type: Address change 0x8065B541-->B555D580 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x805717C5-->B555D5C2 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtLoadDriver, Type: Address change 0x805A3B73-->B555D606 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80568D48-->B555D648 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtOpenSection, Type: Address change 0x805711B4-->B555D68A [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8058E5C4-->B555D6CC [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtProtectVirtualMemory, Type: Address change 0x80571E96-->B555D79A [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtRequestWaitReplyPort, Type: Address change 0x80576EC6-->B555D70E [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x8064EFDD-->B555D7DC [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtResumeThread, Type: Address change 0x805880AF-->B555D824 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtSecureConnectPort, Type: Address change 0x805888DA-->B555D8B4 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80572A6E-->B555D866 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtSuspendProcess, Type: Address change 0x8062FC39-->B555D958 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtSystemDebugControl, Type: Address change 0x8064A01B-->B555D99A [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x805824CC-->B833E620 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys]
    ntoskrnl.exe-->NtWriteVirtualMemory, Type: Address change 0x8057E60A-->B555DA2A [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ==============================================
    >Shadow
    ==============================================
    win32k.sys-->NtUserAttachThreadInput, Type: Address change 0xBF8F559C-->B555DA6C [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    win32k.sys-->NtUserCallOneParam, Type: Address change 0xBF8010DF-->B555DAB4 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF8A3E9C-->B555DAF8 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF823E97-->B555DB3C [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    win32k.sys-->NtUserMessageCall, Type: Address change 0xBF80EEAE-->B555DB80 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    win32k.sys-->NtUserPostMessage, Type: Address change 0xBF808327-->B555DBD8 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    win32k.sys-->NtUserPostThreadMessage, Type: Address change 0xBF85FD24-->B555DC30 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    win32k.sys-->NtUserRegisterRawInputDevices, Type: Address change 0xBF916B09-->B555DC88 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8AD40B-->B555DD1E [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    win32k.sys-->NtUserSetWinEventHook, Type: Address change 0xBF8F9928-->B555DCD0 [C:\WINDOWS\system32\drivers\PCTAppEvent.sys]
    ==============================================
    >Processes
    ==============================================
    0x8AA68830 [4] System
    0x8A77C368 [292] C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools, PC Tools Firewall Plus service)
    0x8A724530 [332] C:\WINDOWS\system32\locator.exe (Microsoft Corporation, Rpc Locator)
    0x8A37EDA0 [384] C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe (SiSoftware, SiSoftware Deployment Agent Service (NT)(Unicode))
    0x8A109B98 [424] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A985A00 [580] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
    0x8A740480 [676] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
    0x8A2DCDA0 [700] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
    0x8A988A00 [744] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
    0x8A2E8020 [756] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
    0x89F34990 [920] C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions, Sonic CinePlayer(R) Tray Application)
    0x8A815DA0 [928] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A301BE8 [964] C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc., STOPzilla Service)
    0x8A11CDA0 [988] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp., PowerDVD RC Service)
    0x89B54020 [1040] C:\WINDOWS\system32\notepad.exe (Microsoft Corporation, Notepad)
    0x8A090DA0 [1072] C:\Program Files\KMaestro\Kmaestro.exe (BTC, KeyMaestro main program)
    0x8A0DCDA0 [1088] C:\WINDOWS\essspk.exe (-, Modem On Hold Utility)
    0x8A985DA0 [1136] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A117B28 [1184] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
    0x8A771DA0 [1188] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A781408 [1204] C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)
    0x89F46900 [1212] C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
    0x8A101BC0 [1228] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
    0x8A8C4DA0 [1332] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A0A3DA0 [1368] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools, PC Tools Firewall GUI)
    0x8A3689D8 [1448] C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
    0x8A6EB580 [1504] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A2E79B0 [1624] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
    0x8A2ECB70 [1680] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
    0x8A138DA0 [1756] C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc., Logitech SetPoint Event Manager (UNICODE))
    0x8A340558 [1852] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
    0x8A8F89A8 [1928] C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
    0x8A2D8DA0 [1988] C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC, Sync Windows Services)
    0x89F15DA0 [2108] C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o., AVG E-Mail Scanner)
    0x89EFFC88 [2252] C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Network scanner Service)
    0x89F09BC0 [2344] C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc., Logitech KHAL Main Process)
    0x89EBADA0 [2416] C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
    0x89B5C4B8 [2544] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
    0x898F3020 [2736] C:\Documents and Settings\Wayne\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\xq1k3G0m3je.exe (UG North, RKULE, SR2 Normandy)
    0x89E37DA0 [3136] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
    0x89CBA5F8 [3320] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
    ==============================================
    >Drivers
    ==============================================
    0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2189952 bytes
    0x804D7000 RAW 2189952 bytes
    0x804D7000 WMIxWDM 2189952 bytes
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB985E000 C:\WINDOWS\System32\DRIVERS\es56hpi.sys 671744 bytes (ESS Technology, Inc., ESS Telephony Driver)
    0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB8299000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xBF012000 C:\WINDOWS\System32\s3gnb.dll 405504 bytes (S3 Graphics, Inc., S3 ProSavage(DDR) & Twister Display Driver)
    0xB96D7000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB85B3000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB53E3000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB558E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB8542000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0xB857C000 C:\WINDOWS\system32\drivers\pctgntdi.sys 225280 bytes (PC Tools, PC Tools Generic TDI Driver)
    0xB8265000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0xB97E5000 C:\WINDOWS\system32\drivers\vinyl97.sys 204800 bytes (VIA Technologies, Inc., Vinyl AC'97 Codec Combo WDM Driver)
    0xF7508000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB579A000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF7841000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB8309000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB823B000 C:\WINDOWS\system32\DRIVERS\emDevice.sys 172032 bytes (eMPIA Technology, Inc., USB 28xx WDM Driver)
    0xB9916000 C:\WINDOWS\System32\DRIVERS\s3gnbm.sys 167936 bytes (S3 Graphics, Inc., S3 ProSavage(DDR) & Twister Miniport Driver)
    0xB8418000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB851C000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB50AC000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xB97C1000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB983A000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB9817000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB83F6000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xB8334000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0xF7400000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB5210000 C:\WINDOWS\system32\drivers\pctplfw.sys 110592 bytes (PC Tools, PC Tools FW Plugin Driver)
    0xF7827000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xF74C0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xF786E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB9796000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB5735000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB97AD000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xB5552000 C:\WINDOWS\system32\drivers\PCTAppEvent.sys 81920 bytes (PC Tools, PC Tools App Monitor Driver)
    0xB9902000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0x806EE000 ACPI_HAL 81152 bytes
    0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB860C000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF7885000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF74F7000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB9785000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xF7420000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF7586000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xB544A000 C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys 65536 bytes (PC Tools, PC Tools NDIS - Packet Filter)
    0xB99AF000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xB99BF000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xB99CF000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB5C37000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF7566000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF75F7000 szkg.sys 57344 bytes (iS3 Inc., szkg Device Driver)
    0xF7667000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xB994F000 C:\WINDOWS\system32\DRIVERS\pctNdis.sys 53248 bytes (PC Tools, PC Tools NDIS Driver)
    0xB999F000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF7480000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
    0xF7607000 szkgfs.sys 53248 bytes (iS3, Inc., STOPzilla Kernel Guard File System, x86-32 )
    0xF7647000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xB997F000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF74A0000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF7596000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF7637000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xB998F000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF7627000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF7576000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB995F000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF7657000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF7470000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xB996F000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF74B0000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB4B25000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xF75A6000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF7677000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xF7536000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF7807000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
    0xF77EF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xF7787000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF779F000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xF77FF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF771F000 viaagp1.sys 32768 bytes (VIA Technologies, Inc., VIA NT AGP Filter)
    0xF7717000 videX32.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
    0xF7817000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xF776F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF7797000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0xF77A7000 C:\WINDOWS\system32\drivers\emAudio.sys 24576 bytes (eMPIA Technology, Inc., USB EMP Audio Device)
    0xF774F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF7747000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF778F000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0xB974D000 C:\WINDOWS\System32\Drivers\SnapTHN.SYS 24576 bytes (Play Incorporated, Snappy Windows-NT Driver)
    0xF780F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF7777000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF775F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xF777F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF7737000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF773F000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF781F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF77F7000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xB9775000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB58B7000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
    0xB578A000 C:\WINDOWS\system32\drivers\cpuz133_x32.sys 16384 bytes (Windows (R) Win 7 DDK provider, CPUID Driver)
    0xBA7FC000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xBA340000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
    0xBA7BC000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xBA7D0000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xBA7E0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xBA7CC000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
    0xF7947000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xBA7F8000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xBA7C8000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xBA32C000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF7937000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0xF79C7000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF79CD000 C:\WINDOWS\system32\DRIVERS\emFilter.sys 8192 bytes (eMPIA Technology, Inc., USB 28xx WDM Lower filter)
    0xF79CF000 C:\WINDOWS\system32\DRIVERS\emScan.sys 8192 bytes (eMPIA Technology, Inc., USB 28xx WDM Upper Filter)
    0xF79C5000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF79C9000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF79EB000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xF79CB000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF79C1000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF79C3000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7A58000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xB81B2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF7A54000 C:\WINDOWS\system32\drivers\msmpu401.sys 4096 bytes (Microsoft Corporation, MPU401 Adapter Driver)
    0xF7A85000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7A86000 C:\WINDOWS\System32\Drivers\VIAPFD.SYS 4096 bytes (VIA Technologies. Inc., VIA PFD driver)
    ==============================================
    >Stealth
    ==============================================
    ==============================================
    >Files
    ==============================================
    !-->[Hidden] C:\32788R22FWJFW\EN-US
    !-->[Hidden] C:\32788R22FWJFW\N_
    !-->[Hidden] C:\cmdcons
    !-->[Hidden] C:\DECCHECK
    !-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    !-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
    !-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
    !-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Neat Video for VirtualDub
    !-->[Hidden] C:\Documents and Settings\All Users\Start Menu\Programs\Rootkit Unhooker LE
    !-->[Hidden] C:\Documents and Settings\Wayne\.gimp-2.6
    !-->[Hidden] C:\Documents and Settings\Wayne\.thumb
    !-->[Hidden] C:\Documents and Settings\Wayne\Application Data\Foxit Software
    !-->[Hidden] C:\Documents and Settings\Wayne\Application Data\Macromedia\Flash Player\#SharedObjects\GK77QL6S\core.videoegg.com
    !-->[Hidden] C:\Documents and Settings\Wayne\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com
    !-->[Hidden] C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6bfce2df-n
    !-->[Hidden] C:\Documents and Settings\Wayne\Application Data\Sun\Java\jre1.6.0_21
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Art Stuff\art pics2
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Art Stuff\Byron Pickering
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Art Stuff\swa468018-Painting-With-Gouache_files\ads_data
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Art Stuff\swa468018-Painting-With-Gouache_files\ads_data_002
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Desktop Stuff\DVDStyler
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Movies pre NeatVid
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Recipes\BAKED BEANS
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Recipes\Bisquick
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Recipes\Pumpkin
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\RkU3.8.388.590
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Shortcuts\GoldWave
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\Temp Pics
    !-->[Hidden] C:\Documents and Settings\Wayne\Desktop\To Do List\Digital Camera2
    ==============================================
    >Hooks
    ==============================================
    ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
    ntoskrnl.exe+0x0000B7C8, Type: Inline - PushRet 0x804E27C8-->CBB555D5 [unknown_code_page]
    [1680]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
    [1680]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
    [1680]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
    [1680]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
    [1680]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
    [1680]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
    [1680]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

    SuperDave

    Re: Please help, being hijacked while web surfing...
    « Reply #17 on: October 07, 2010, 01:10:45 PM »
    How's your computer running now?

    I'd like to scan your machine with ESET OnlineScan

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
    • Check
    • Click the button.
    • Accept any security warnings from your browser.
    • Check
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push
    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the button.
    • Push
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

    Windows 8 and Windows 10 dual boot with two SSD's

    jwfilion

      Topic Starter


      Intermediate

      Re: Please help, being hijacked while web surfing...
      « Reply #18 on: October 07, 2010, 10:03:52 PM »
      Hey SuperDave, for what it's worth, the computer seems a bit faster overall, but I'm still being hijacked. In fact, it just happened as I was coming to this site to post the scan report. As follows...

      C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2567\A0323516.exe   multiple threats   deleted - quarantined
      C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2599\A0327822.exe   multiple threats   deleted - quarantined
      C:\System Volume Information\_restore{07F3C917-F5D6-48E1-8AD9-2558CF683551}\RP2718\A0337528.exe   Win32/Adware.ADON application   deleted - quarantined

      SuperDave

      Re: Please help, being hijacked while web surfing...
      « Reply #19 on: October 08, 2010, 01:18:27 PM »
      I would like to run another Rootkit tool. Please try this one.


      Download the GMER Rootkit Scanner. Unzip it to your Desktop.

      Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

      Double-click gmer.exe. The program will begin to run.

      **Caution**
      These types of scans can produce false positives. Do NOT take any action on any
      "<--- ROOTKIT" entries unless advised!

      If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
      • Click NO
      • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
      • Now click the Scan button.
      • Once the scan is complete, you may receive another notice about rootkit activity.
      • Click OK.
      • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
      • Save it where you can easily find it, such as your desktop.

      jwfilion


        Re: Please help, being hijacked while web surfing...
        « Reply #20 on: October 09, 2010, 02:30:23 AM »
        Thanks SuperDave. Gawd, this one took forever.


        GMER 1.0.15.15281 - http://www.gmer.net
        Rootkit scan 2010-10-09 01:02:19
        Windows 5.1.2600 Service Pack 3
        Running: gmer.exe; Driver: C:\DOCUME~1\Wayne\LOCALS~1\Temp\afroruob.sys


        ---- System - GMER 1.0.15 ----

        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwAllocateVirtualMemory [0xB4EC4752]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwAssignProcessToJobObject [0xB4EC4440]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwConnectPort [0xB4EC4482]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwCreateFile [0xB4EC4530]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwCreateProcess [0xB4EC4DD8]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwCreateProcessEx [0xB4EC4E64]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwCreateThread [0xB4EC4EF4]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwDebugActiveProcess [0xB4EC4580]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwDuplicateObject [0xB4EC45C2]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwLoadDriver [0xB4EC4606]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwOpenKey [0xB4EC4648]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwOpenSection [0xB4EC468A]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwOpenThread [0xB4EC46CC]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwProtectVirtualMemory [0xB4EC479A]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwRequestWaitReplyPort [0xB4EC470E]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwRestoreKey [0xB4EC47DC]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwResumeThread [0xB4EC4824]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwSecureConnectPort [0xB4EC48B4]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwSetValueKey [0xB4EC4866]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwSuspendProcess [0xB4EC4958]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwSystemDebugControl [0xB4EC499A]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwTerminateProcess [0xB4EC49DC]
        SSDT            \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools App Monitor Driver/PC Tools)                                                                                     ZwWriteVirtualMemory [0xB4EC4A2A]

        ---- Kernel code sections - GMER 1.0.15 ----

        .text           ntoskrnl.exe!_abnormal_termination + 229                                                                                                                                   804E2895 3 Bytes  [46, EC, B4]

        ---- Devices - GMER 1.0.15 ----

        AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                     szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
        AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                                   pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
        AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                                  pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
        AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                                  pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
        AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                                pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
        AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                   szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
        AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                   fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

        ---- Registry - GMER 1.0.15 ----

        Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                                                                                         15
        Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                                                                                            10000
        Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                                                                                          yes
        Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                                                                                         
        Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                                                                                         90
        Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                                                                                           10000
        Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot                                                                                                   1
        Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Error Mode                                                                                                       2
        Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs                                                                                        1
        Reg             HKLM\SOFTWARE\Classes\CLSID\{8F7EC739-D5DE-8DF0-851B2E09AF27478A}\{9DB8FF8F-3E0D-CA6E-8233451919EA27FD}\{89229253-B827-099C-CFFB852028D69EA1}                             
        Reg             HKLM\SOFTWARE\Classes\CLSID\{8F7EC739-D5DE-8DF0-851B2E09AF27478A}\{9DB8FF8F-3E0D-CA6E-8233451919EA27FD}\{89229253-B827-099C-CFFB852028D69EA1}@WE6X3HNHJXRI2CPMH2OUMP32VF1  0x01 0x00 0x01 0x00 ...

        ---- EOF - GMER 1.0.15 ----

        SuperDave

        Re: Please help, being hijacked while web surfing...
        « Reply #21 on: October 09, 2010, 01:03:32 PM »
        Ok. How's your computer running?

        jwfilion


          Re: Please help, being hijacked while web surfing...
          « Reply #22 on: October 09, 2010, 01:35:15 PM »
          SuperDave, it seems to be running quicker. The mouse response is faster as well. I have been surfing the net for a few hours now, without being hijacked, and that is unusual. That's not to say it won't happen again, but I'm hopeful. Thank you kindly for all your help so far.

          jwfilion


            Re: Please help, being hijacked while web surfing...
            « Reply #23 on: October 09, 2010, 02:22:36 PM »
            Sorry, I spoke too soon. Just got jacked again. This is a real pain!

            SuperDave

            Re: Please help, being hijacked while web surfing...
            « Reply #24 on: October 09, 2010, 05:45:44 PM »
            Download OTL to your Desktop.
            • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
            • Under the Custom Scan box paste this in
            netsvcs
            msconfig
            safebootminimal
            safebootnetwork
            activex
            drivers32
            %SYSTEMDRIVE%\*.exe
            %systemroot%\*. /mp /s
            c:\$recycle.bin\*.* /s
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
            /md5start
            eventlog.dll
            scecli.dll
            netlogon.dll
            cngaudit.dll
            sceclt.dll
            ntelogon.dll
            logevent.dll
            iaStor.sys
            nvstor.sys
            nvstor32.sys
            atapi.sys
            IdeChnDr.sys
            viasraid.sys
            AGP440.sys
            vaxscsi.sys
            nvatabus.sys
            viamraid.sys
            nvata.sys
            nvgts.sys
            iastorv.sys
            ViPrt.sys
            eNetHook.dll
            explorer.exe
            svchost.exe
            userinit.exe
            qmgr.dll
            ws2_32.dll
            proquota.exe
            imm32.dll
            kernel32.dll
            ndis.sys
            autochk.exe
            spoolsv.exe
            xmlprov.dll
            ntmssvc.dll
            mswsock.dll
            Beep.SYS
            ntfs.sys
            termsrv.dll
            sfcfiles.dll
            st3shark.sys
            ahcix86.sys
            srsvc.dll
            nvrd32.sys
            /md5stop
            %systemroot%\system32\*.dll /lockedfiles
            %systemroot%\Tasks\*.job /lockedfiles

            • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
              • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
              • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

            jwfilion


              Re: Please help, being hijacked while web surfing...
              « Reply #25 on: October 09, 2010, 08:30:28 PM »
              Hey SuperDave, I noticed that in the "Firefox" section of the log, it shows the link
               "http://www.veerboo.com/results.php?q="
              This is the link that takes me to the redirected page!
              Here are the logs...


              OTL logfile created on: 10/9/2010 8:27:40 PM - Run 1
              OTL by OldTimer - Version 3.2.14.1     Folder = C:\Documents and Settings\Wayne\Desktop
              Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
              Internet Explorer (Version = 7.0.5730.11)
              Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
               
              2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
              2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
              Paging file location(s): C:\pagefile.sys 360 720 [binary data]
               
              %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
              Drive C: | 298.09 Gb Total Space | 262.56 Gb Free Space | 88.08% Space Free | Partition Type: NTFS
              D: Drive not present or media not loaded
              E: Drive not present or media not loaded
              F: Drive not present or media not loaded
              G: Drive not present or media not loaded
              H: Drive not present or media not loaded
              I: Drive not present or media not loaded
               
              Computer Name: OWNER-X35LSKRDA
              Current User Name: Wayne
              Logged in as Administrator.
               
              Current Boot Mode: Normal
              Scan Mode: Current user
              Company Name Whitelist: On
              Skip Microsoft Files: On
              File Age = 90 Days
              Output = Standard
              Quick Scan
               
              ========== Processes (SafeList) ==========
               
              PRC - [2010/10/09 20:17:44 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
              PRC - [2010/10/04 13:14:48 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
              PRC - [2010/09/24 19:03:18 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
              PRC - [2010/09/24 19:03:05 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
              PRC - [2010/09/20 18:08:28 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
              PRC - [2010/09/20 18:08:22 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
              PRC - [2010/07/18 19:47:59 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
              PRC - [2010/07/18 19:47:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
              PRC - [2010/07/18 19:46:18 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
              PRC - [2010/07/18 19:46:16 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
              PRC - [2010/01/12 11:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
              PRC - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
              PRC - [2008/07/18 15:15:30 | 000,976,792 | ---- | M] (Propel Software Corporation) -- C:\Program Files\MTS Accelerator\PropelAC.exe
              PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
              PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
              PRC - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
              PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
              PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
              PRC - [2006/07/25 02:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
              PRC - [2004/05/05 14:53:08 | 000,237,568 | ---- | M] (BTC) -- C:\Program Files\KMaestro\Kmaestro.exe
              PRC - [2002/05/31 10:34:36 | 000,167,936 | ---- | M] () -- C:\WINDOWS\essspk.exe
              PRC - [2002/05/20 09:17:08 | 000,086,016 | ---- | M] (Visioneer Inc) -- C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
               
               
              ========== Modules (SafeList) ==========
               
              MOD - [2010/10/09 20:17:44 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
              MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
              MOD - [2008/05/02 03:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
              MOD - [2008/04/14 05:41:56 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
              MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
              MOD - [2004/04/13 16:58:58 | 000,018,476 | ---- | M] (BTC) -- C:\Program Files\KMaestro\HidKeybd.dll
               
               
              ========== Win32 Services (SafeList) ==========
               
              SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
              SRV - [2010/09/20 18:08:22 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
              SRV - [2010/07/18 19:47:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
              SRV - [2010/07/18 19:46:18 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
              SRV - [2009/11/09 11:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
              SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
              SRV - [2008/04/23 18:55:56 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Running] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
              SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
              SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
              SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
               
               
              ========== Driver Services (SafeList) ==========
               
              DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbndis.sys -- (USBNDIS)
              DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\nuvaudio.sys -- (nuvaudio)
              DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\LMouKE.sys -- (LMouKE)
              DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK)
              DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachVc.sys -- (Dual Mode)
              DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\DPCUSB.sys -- (DPCUSB)
              DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys -- (CoachUsb)
              DRV - [2010/09/27 01:45:14 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
              DRV - [2010/09/27 01:45:14 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
              DRV - [2010/09/27 01:45:13 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
              DRV - [2010/07/18 19:48:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
              DRV - [2010/07/18 19:46:17 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
              DRV - [2010/06/03 08:24:56 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
              DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
              DRV - [2010/05/11 12:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
              DRV - [2010/01/13 08:59:28 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
              DRV - [2010/01/12 09:34:14 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
              DRV - [2010/01/07 12:40:26 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
              DRV - [2010/01/07 11:35:06 | 000,058,816 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
              DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
              DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
              DRV - [2009/11/23 13:54:20 | 000,088,040 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
              DRV - [2009/01/14 16:00:28 | 000,009,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
              DRV - [2009/01/14 16:00:28 | 000,009,560 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
              DRV - [2009/01/14 16:00:26 | 000,175,576 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
              DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
              DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
              DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
              DRV - [2008/03/10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys -- (SANDRA)
              DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
              DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
              DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
              DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
              DRV - [2007/09/21 04:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
              DRV - [2007/01/29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
              DRV - [2007/01/29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
              DRV - [2007/01/12 16:55:24 | 000,022,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
              DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
              DRV - [2006/10/17 20:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
              DRV - [2006/04/13 14:09:00 | 000,204,160 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
              DRV - [2005/07/08 16:40:42 | 000,260,144 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NuVision)
              DRV - [2004/03/02 14:02:30 | 000,167,040 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
              DRV - [2003/03/24 11:32:08 | 000,702,188 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es56hpi.sys -- (Edspport)
              DRV - [2002/12/22 18:25:52 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
              DRV - [2002/07/24 04:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
              DRV - [2001/12/18 14:45:04 | 000,003,279 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS -- (VIAPFD)
              DRV - [2001/10/18 12:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaidexp.sys -- (ViaIde)
              DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
              DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
              DRV - [1998/02/23 17:56:50 | 000,031,104 | ---- | M] (Play Incorporated) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SNAPTHN.SYS -- (SnapTHN)
               
               
              ========== Standard Registry (SafeList) ==========
               
               
              ========== Internet Explorer ==========
               
               
              IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
              IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
              IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
              IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080
               
              ========== FireFox ==========
               
              FF - prefs.js..browser.search.defaultenginename: "www.google-feed.net"
              FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
              FF - prefs.js..browser.search.useDBForOrder: true
              FF - prefs.js..browser.startup.homepage: "http://en.canoe.ca/home.html"
              FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
              FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
              FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080718
              FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2008.5.13
              FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:1.6.4
              FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.13
              FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
              FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q="
               
              FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/24 19:05:39 | 000,000,000 | ---D | M]
              FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
              FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/30 23:33:14 | 000,000,000 | ---D | M]
              FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/29 14:13:07 | 000,000,000 | ---D | M]
              FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/05 13:21:09 | 000,000,000 | ---D | M]
               
              [2010/09/22 13:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions
              [2010/09/22 13:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
              [2010/10/09 03:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions
              [2008/09/07 19:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\[email protected]
              [2010/09/15 19:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\extensions\SearchHelper
              [2008/05/27 22:59:05 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\dictionary.xml
              [2010/09/15 19:51:59 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\d1lib2qr.default\searchplugins\GoogleFeed.xml
              [2010/10/09 03:31:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
              [2010/05/23 00:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
              [2010/08/21 02:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
              [2008/12/20 00:22:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
              [2008/12/21 14:43:06 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
              [2008/12/21 14:43:06 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
              [2008/12/21 14:43:06 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
              [2008/12/21 14:43:06 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
              [2008/12/21 14:43:07 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
              [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
              [2010/10/05 13:18:11 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
               
              O1 HOSTS File: ([2010/10/04 00:00:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
              O1 - Hosts: 127.0.0.1       localhost
              O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
              O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
              O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
              O2 - BHO: (Accelerator Plugin) - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\MTS Accelerator\prpl_IePopupBlocker.dll (Propel Software Corporation)
              O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
              O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
              O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
              O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
              O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
              O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
              O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\KMaestro\Kmaestro.exe (BTC)
              O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
              O4 - HKLM..\Run: [EssSpkPhone] C:\WINDOWS\essspk.exe ()
              O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
              O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
              O4 - HKLM..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe (Visioneer Inc)
              O4 - HKLM..\Run: [VTPreset] C:\WINDOWS\System32\VTPreset.exe (S3 Graphics, Inc.)
              O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
              O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
              O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
              O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
              O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
              O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
              O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
              O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
              O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
              O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\MTS Accelerator\pac-page.html ()
              O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\MTS Accelerator\pac-image.html ()
              O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
              O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
              O16 - DPF: {33363249-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/i263_32.cab (Reg Error: Key error.)
              O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe (Reg Error: Key error.)
              O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
              O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37623.4285648148 (Reg Error: Key error.)
              O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
              O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
              O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
              O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
              O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
              O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
              O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
              O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
              O24 - Desktop WallPaper: C:\WINDOWS\Preponvue2.bmp
              O24 - Desktop BackupWallPaper: C:\WINDOWS\Preponvue2.bmp
              O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
              O32 - HKLM CDRom: AutoRun - 1
              O32 - AutoRun File - [2002/10/08 09:25:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
              O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
              O35 - HKLM\..comfile [open] -- "%1" %*
              O35 - HKLM\..exefile [open] -- "%1" %*
              O35 - HKCU\..exefile [open] -- "%1" %*
              O37 - HKLM\...com [@ = comfile] -- "%1" %*
              O37 - HKLM\...exe [@ = exefile] -- "%1" %*
              O37 - HKCU\...exe [@ = exefile] -- "%1" %*
               
              NetSvcs: 6to4 -  File not found
              NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
              NetSvcs: Ias -  File not found
              NetSvcs: Iprip -  File not found
              NetSvcs: Irmon -  File not found
              NetSvcs: NWCWorkstation -  File not found
              NetSvcs: Nwsapagent -  File not found
              NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
              NetSvcs: WmdmPmSp -  File not found
               
              MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cloudmark SpamNet for OE.lnk - Reg Error: Value error. - File not found
              MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dpcstart.lnk - Reg Error: Value error. - File not found
              MsConfig - StartUpFolder: C:^Documents and Settings^Wayne^Start Menu^Programs^Startup^ClickTray Calendar.lnk - Reg Error: Value error. - File not found
              MsConfig - State: "system.ini" - 0
              MsConfig - State: "win.ini" - 0
              MsConfig - State: "bootini" - 0
              MsConfig - State: "services" - 0
              MsConfig - State: "startup" - 0
               
              SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
              SafeBootMin: Base - Driver Group
              SafeBootMin: Boot Bus Extender - Driver Group
              SafeBootMin: Boot file system - Driver Group
              SafeBootMin: File system - Driver Group
              SafeBootMin: Filter - Driver Group
              SafeBootMin: PCI Configuration - Driver Group
              SafeBootMin: PEVSystemStart - Service
              SafeBootMin: PNP Filter - Driver Group
              SafeBootMin: Primary disk - Driver Group
              SafeBootMin: procexp90.Sys - Driver
              SafeBootMin: SCSI Class - Driver Group
              SafeBootMin: sermouse.sys - Driver
              SafeBootMin: System Bus Extender - Driver Group
              SafeBootMin: vds - Service
              SafeBootMin: vga.sys - Driver
              SafeBootMin: WdfLoadGroup -
              SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
              SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
              SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
              SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
              SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
              SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
              SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
              SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
              SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
              SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
              SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
              SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
              SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
              SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
               
              SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
              SafeBootNet: Base - Driver Group
              SafeBootNet: Boot Bus Extender - Driver Group
              SafeBootNet: Boot file system - Driver Group
              SafeBootNet: File system - Driver Group
              SafeBootNet: Filter - Driver Group
              SafeBootNet: hitmanpro35 - Reg Error: Value error.
              SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
              SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
              SafeBootNet: NDIS Wrapper - Driver Group
              SafeBootNet: NetBIOSGroup - Driver Group
              SafeBootNet: NetDDEGroup - Driver Group
              SafeBootNet: Network - Driver Group
              SafeBootNet: NetworkProvider - Driver Group
              SafeBootNet: PCI Configuration - Driver Group
              SafeBootNet: PEVSystemStart - Service
              SafeBootNet: PNP Filter - Driver Group
              SafeBootNet: PNP_TDI - Driver Group
              SafeBootNet: Primary disk - Driver Group
              SafeBootNet: procexp90.Sys - Driver
              SafeBootNet: SCSI Class - Driver Group
              SafeBootNet: sermouse.sys - Driver
              SafeBootNet: Streams Drivers - Driver Group
              SafeBootNet: System Bus Extender - Driver Group
              SafeBootNet: TDI - Driver Group
              SafeBootNet: vga.sys - Driver
              SafeBootNet: WdfLoadGroup -
              SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
              SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
              SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
              SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
              SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
              SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
              SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
              SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
              SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
              SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
              SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
              SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
              SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
              SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
              SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
              SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
              SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
               
              ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
              ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
              ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
              ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
              ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
              ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
              ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
              ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
              ActiveX: {2757B1D6-0367-4663-877C-93ECC5C01BF6} - Q324929
              ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
              ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
              ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
              ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
              ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
              ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
              ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
              ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
              ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
              ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
              ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
              ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
              ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
              ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
              ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
              ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
              ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
              ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
              ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
              ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
              ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
              ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
              ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
              ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
              ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
              ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
              ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
              ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
              ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
              ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
              ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
              ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
              ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
              ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
              ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
              ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
              ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
              ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
              ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
              ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
              ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
              ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
              ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
              ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
              ActiveX: {F9C174E3-3E87-40bc-AA94-B8974F2B9222} - Q813489
              ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
              ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
              ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
              ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
              ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
              ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
               
              Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
              Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\Vio\DVACM.acm ()
              Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
              Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
              Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
              Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
              Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
              Drivers32: MSVIDEO - C:\WINDOWS\System32\SnapVNT.drv (Play Incorporated)
              Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
              Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
              Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
              Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
              Drivers32: VIDC.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
              Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
              Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
              Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
              Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
              Drivers32: VIDC.LAGS - C:\WINDOWS\System32\lagarith.dll ( )
              Drivers32: VIDC.MJPG - C:\Program Files\Common Files\Pegasus Imaging\pvmjpg40.dll (Accusoft Pegasus)
              Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
              Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
              Drivers32: VIDC.NTN1 - C:\WINDOWS\System32\nuvision.ax (Zoran Ltd.)
              Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvid.dll ()
              Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
              Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
               
              ========== Files/Folders - Created Within 90 Days ==========
               
              [2010/10/09 20:15:07 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
              [2010/10/09 15:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Desktop\remove-tdss-tdl3-alureon-rootkit-using-tdsskiller_files
              [2010/10/06 19:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
              [2010/10/06 00:33:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
              [2010/10/06 00:02:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
              [2010/10/05 23:03:20 | 000,000,000 | ---D | C] -- C:\ViewPro
              [2010/10/05 13:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
              [2010/10/03 23:37:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
              [2010/10/03 23:13:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
              [2010/10/03 23:13:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
              [2010/10/03 22:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\New Folder
              [2010/09/30 20:34:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wayne\Recent
              [2010/09/29 14:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
              [2010/09/26 15:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
              [2010/09/26 15:46:02 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
              [2010/09/26 15:46:02 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
              [2010/09/26 15:45:54 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
              [2010/09/26 15:44:31 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
              [2010/09/26 15:44:31 | 000,058,816 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
              [2010/09/26 15:44:31 | 000,032,680 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
              [2010/09/26 15:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
              [2010/09/26 15:44:28 | 000,115,216 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
              [2010/09/26 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
              [2010/09/26 04:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
              [2010/09/25 10:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
              [2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
              [2010/09/25 10:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
              [2010/09/25 00:00:27 | 000,000,000 | ---D | C] -- C:\671feffc3b70b88a397bd6f620fbac40
              [2010/09/24 11:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
              [2010/09/24 10:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\RegRun2
              [2010/09/23 20:33:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
              [2010/09/23 20:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
              [2010/09/23 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
              [2010/09/21 01:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
              [2010/09/20 18:08:16 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
              [2010/09/20 18:08:16 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
              [2010/09/20 18:08:16 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
              [2010/09/20 18:08:14 | 000,452,048 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
              [2010/09/20 18:08:14 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
              [2010/09/20 18:08:14 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
              [2010/09/20 18:08:14 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
              [2010/09/20 18:08:14 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
              [2010/09/20 18:08:12 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
              [2010/09/20 18:08:12 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
              [2010/09/20 18:08:12 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
              [2010/09/20 18:08:12 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
              [2010/09/15 19:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
              [2010/08/19 17:55:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\.gimp-2.6
              [2010/08/19 17:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\gegl-0.0
              [2010/08/19 17:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
              [2010/07/31 10:54:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
              [2010/07/31 10:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\Leadertech
              [2010/07/31 09:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
              [2010/07/31 09:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
              [2010/07/30 16:35:08 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
              [2010/07/30 16:35:08 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
              [2010/07/30 12:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\XviD
              [2010/07/30 12:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
              [2010/07/30 12:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
              [2010/07/30 12:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
              [2010/07/29 22:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\FinalBurner
              [2010/07/29 22:34:02 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
              [2010/07/29 21:02:54 | 000,000,000 | ---D | C] -- C:\videodvdmaker
              [2010/07/29 20:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Video DVD Maker
              [2010/07/29 10:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\Application Data\DVD Flick
              [2010/07/29 10:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
              [2010/07/28 23:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\My Documents\GFDOutDir
              [2010/07/27 20:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema
              [2010/07/26 21:32:05 | 000,000,000 | ---D | C] -- C:\Temp
              [2010/07/26 21:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wayne\.thumb
              [2010/07/26 21:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\DVDStyler
              [2010/07/18 19:47:58 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
              [2010/07/13 01:06:50 | 000,000,000 | ---D | C] -- C:\DECCHECK
              [2010/07/12 13:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
              [2010/07/12 11:47:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
              [2010/07/12 11:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
              [2010/07/12 01:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
              [2010/07/12 01:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
              [2010/07/12 01:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\msn
              [2010/07/12 01:33:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
              [2010/07/12 01:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
              [2010/07/12 01:27:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
              [2010/07/12 01:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
              [2010/05/26 00:21:38 | 000,121,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
              [2001/07/06 16:59:54 | 000,372,736 | ---- | C] (Ed Halley - http://www.halley.cc/stuff/) -- C:\Program Files\Dragnifier.exe
              [943 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
              [24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
              [15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
              [126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
               
              ========== Files - Modified Within 90 Days ==========
               
              [2010/10/09 20:17:44 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wayne\Desktop\OTL.exe
              [2010/10/09 15:35:18 | 000,000,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
              [2010/10/09 15:34:41 | 000,000,339 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
              [2010/10/09 15:07:29 | 000,035,368 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\remove-tdss-tdl3-alureon-rootkit-using-tdsskiller.htm
              [2010/10/09 12:17:51 | 065,803,277 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
              [2010/10/09 11:18:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
              [2010/10/09 11:17:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
              [2010/10/09 11:17:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
              [2010/10/09 11:16:04 | 017,825,792 | ---- | M] () -- C:\Documents and Settings\Wayne\ntuser.dat
              [2010/10/09 11:15:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wayne\ntuser.ini
              [2010/10/08 14:27:04 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\gmer.zip
              [2010/10/08 14:12:56 | 000,081,069 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\aptera-electric-car.jpg
              [2010/10/08 12:36:21 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue2.bmp
              [2010/10/08 00:49:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Preponvue.bmp
              [2010/10/07 18:05:51 | 000,736,854 | ---- | M] () -- C:\WINDOWS\EmmaB.bmp
              [2010/10/07 14:39:21 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Alicia2.bmp
              [2010/10/07 00:23:32 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue2.bmp
              [2010/10/06 19:37:43 | 000,629,057 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\RkU3.8.388.590.rar
              [2010/10/06 13:06:11 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Abbyvue.bmp
              [2010/10/05 23:56:46 | 000,002,297 | ---- | M] () -- C:\WINDOWS\system.ini
              [2010/10/05 17:46:40 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue2.bmp
              [2010/10/05 15:25:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
              [2010/10/05 14:22:00 | 000,736,854 | ---- | M] () -- C:\WINDOWS\Nikkivue.bmp
              [2010/10/05 13:21:29 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
              [2010/10/04 00:00:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
              [2010/10/03 23:37:58 | 000,000,337 | RHS- | M] () -- C:\boot.ini
              [2010/10/01 23:35:41 | 000,960,054 | ---- | M] () -- C:\WINDOWS\Bugatti.bmp
              [2010/10/01 14:35:35 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk
              [2010/09/30 17:48:29 | 000,979,254 | ---- | M] () -- C:\WINDOWS\ssc-ultimate-aero.bmp
              [2010/09/30 11:42:57 | 001,274,454 | ---- | M] () -- C:\WINDOWS\Roadster2.bmp
              [2010/09/30 10:31:47 | 001,200,054 | ---- | M] () -- C:\WINDOWS\Saleen_S7.bmp
              [2010/09/30 08:43:24 | 001,440,054 | ---- | M] () -- C:\WINDOWS\car0.bmp
              [2010/09/29 14:13:10 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
              [2010/09/25 14:34:23 | 003,181,242 | -H-- | M] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\IconCache.db
              [2010/09/24 18:39:07 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
              [2010/09/24 11:26:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
              [2010/09/24 11:26:37 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
              [2010/09/24 11:26:37 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
              [2010/09/23 20:33:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
              [2010/09/23 17:00:03 | 001,440,998 | ---- | M] () -- C:\WINDOWS\car00.bmp
              [2010/09/20 18:08:16 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
              [2010/09/20 18:08:16 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
              [2010/09/20 18:08:16 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
              [2010/09/20 18:08:14 | 000,452,048 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
              [2010/09/20 18:08:14 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
              [2010/09/20 18:08:14 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
              [2010/09/20 18:08:14 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
              [2010/09/20 18:08:14 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
              [2010/09/20 18:08:12 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
              [2010/09/20 18:08:12 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
              [2010/09/20 18:08:12 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
              [2010/09/20 18:08:12 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
              [2010/09/20 17:17:05 | 001,296,998 | ---- | M] () -- C:\WINDOWS\car10.bmp
              [2010/09/20 14:56:40 | 001,440,998 | ---- | M] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp
              [2010/09/19 14:45:35 | 000,016,826 | -H-- | M] () -- C:\WINDOWS\vuepro32.GID
              [2010/09/18 15:12:24 | 001,121,798 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron2.bmp
              [2010/09/18 14:45:20 | 000,896,198 | ---- | M] () -- C:\WINDOWS\Bugatti Veyron.bmp
              [2010/09/18 02:11:51 | 001,356,054 | ---- | M] () -- C:\WINDOWS\McLaren2.bmp
              [2010/09/18 01:39:44 | 001,083,398 | ---- | M] () -- C:\WINDOWS\McLaren3.bmp
              [2010/09/12 15:54:42 | 001,440,054 | ---- | M] () -- C:\WINDOWS\carmen2.bmp
              [2010/09/12 15:54:13 | 001,440,054 | ---- | M] () -- C:\WINDOWS\carmen.bmp
              [2010/09/12 02:52:36 | 001,275,398 | ---- | M] () -- C:\WINDOWS\car5.bmp
              [2010/09/10 15:02:58 | 001,016,198 | ---- | M] () -- C:\WINDOWS\car4.bmp
              [2010/09/10 14:47:53 | 001,275,398 | ---- | M] () -- C:\WINDOWS\car3.bmp
              [2010/09/09 13:14:33 | 000,004,681 | ---- | M] () -- C:\Documents and Settings\Wayne\.recently-used.xbel
              [2010/09/07 14:21:59 | 000,063,109 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Puppy2.jpg
              [2010/09/01 20:40:00 | 000,878,454 | ---- | M] () -- C:\WINDOWS\car.bmp
              [2010/08/31 13:32:29 | 001,440,054 | ---- | M] () -- C:\WINDOWS\1982_lamborghini.bmp
              [2010/08/31 13:18:53 | 000,050,502 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\slutclass3.jpg
              [2010/08/28 21:40:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\vuesav32.ini
              [2010/08/19 17:54:52 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
              [2010/08/18 18:12:33 | 001,413,654 | ---- | M] () -- C:\WINDOWS\Murcielago.bmp
              [2010/08/16 18:01:06 | 000,444,932 | ---- | M] () -- C:\Documents and Settings\Wayne\Desktop\Puppy.jpg
              [2010/08/14 00:04:33 | 000,658,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
              [2010/08/12 15:45:04 | 000,001,248 | ---- | M] () -- C:\WINDOWS\goldwave.ini
              [2010/08/04 21:33:52 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
              [2010/08/04 21:33:52 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
              [2010/07/31 15:25:12 | 000,001,140 | ---- | M] () -- C:\WINDOWS\win.ini
              [2010/07/31 09:43:56 | 000,004,673 | ---- | M] () -- C:\WINDOWS\WININIT.INI
              [2010/07/31 09:40:15 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
              [2010/07/27 20:04:31 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic - Home Cinema.lnk
              [2010/07/25 02:10:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
              [2010/07/24 18:52:58 | 000,254,632 | ---- | M] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
              [2010/07/24 09:58:52 | 000,000,014 | ---- | M] () -- C:\Documents and Settings\Wayne\My Documents\PDVD_MediaDisc.PlayList
              [2010/07/22 23:00:44 | 000,173,056 | ---- | M] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
              [2010/07/18 19:48:01 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
              [2010/07/18 19:47:58 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
              [2010/07/18 19:46:17 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
              [2010/07/12 13:46:00 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
              [2010/07/12 13:45:27 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
              [2010/07/12 13:43:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
              [2010/07/12 13:43:59 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
              [2010/07/12 13:38:01 | 000,465,086 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
              [2010/07/12 13:38:01 | 000,402,610 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
              [2010/07/12 13:38:01 | 000,055,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
              [2010/07/12 11:54:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
              [943 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
              [15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
              [126 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
               
              ========== Files Created - No Company Name ==========
               
              [2010/10/09 15:07:27 | 000,035,368 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\remove-tdss-tdl3-alureon-rootkit-using-tdsskiller.htm
              [2010/10/09 11:18:57 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
              [2010/10/09 02:27:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\gmer.exe
              [2010/10/08 14:26:11 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\gmer.zip
              [2010/10/08 14:12:56 | 000,081,069 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\aptera-electric-car.jpg
              [2010/10/08 01:02:05 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Preponvue2.bmp
              [2010/10/07 14:50:51 | 000,736,854 | ---- | C] () -- C:\WINDOWS\EmmaB.bmp
              [2010/10/07 14:18:08 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Alicia2.bmp
              [2010/10/07 00:23:32 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue2.bmp
              [2010/10/06 19:36:33 | 000,629,057 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\RkU3.8.388.590.rar
              [2010/10/05 22:03:47 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Abbyvue.bmp
              [2010/10/05 18:59:39 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Preponvue.bmp
              [2010/10/04 19:47:56 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue2.bmp
              [2010/10/03 23:37:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
              [2010/10/03 23:13:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
              [2010/10/03 23:13:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
              [2010/10/03 23:13:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
              [2010/10/03 03:02:05 | 000,736,854 | ---- | C] () -- C:\WINDOWS\Nikkivue.bmp
              [2010/10/01 14:35:35 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Shortcut to PropelAC.exe.lnk
              [2010/09/28 18:29:34 | 001,274,454 | ---- | C] () -- C:\WINDOWS\Roadster2.bmp
              [2010/09/26 15:46:02 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
              [2010/09/26 15:46:02 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
              [2010/09/26 15:45:54 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
              [2010/09/26 15:44:31 | 000,007,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.cat
              [2010/09/26 15:44:31 | 000,007,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctNdis-DNS.cat
              [2010/09/26 15:44:28 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplfw.cat
              [2010/09/24 10:57:40 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
              [2010/09/23 20:26:06 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
              [2010/09/23 17:00:03 | 001,440,998 | ---- | C] () -- C:\WINDOWS\car00.bmp
              [2010/09/22 12:54:42 | 001,440,054 | ---- | C] () -- C:\WINDOWS\car0.bmp
              [2010/09/20 17:17:05 | 001,296,998 | ---- | C] () -- C:\WINDOWS\car10.bmp
              [2010/09/20 14:56:40 | 001,440,998 | ---- | C] () -- C:\WINDOWS\Pagani-Zonda-Roadster.bmp
              [2010/09/18 15:12:25 | 001,121,798 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron2.bmp
              [2010/09/18 14:45:20 | 000,896,198 | ---- | C] () -- C:\WINDOWS\Bugatti Veyron.bmp
              [2010/09/18 01:39:44 | 001,083,398 | ---- | C] () -- C:\WINDOWS\McLaren3.bmp
              [2010/09/18 01:06:40 | 001,356,054 | ---- | C] () -- C:\WINDOWS\McLaren2.bmp
              [2010/09/12 15:54:42 | 001,440,054 | ---- | C] () -- C:\WINDOWS\carmen2.bmp
              [2010/09/12 02:52:36 | 001,275,398 | ---- | C] () -- C:\WINDOWS\car5.bmp
              [2010/09/10 15:02:58 | 001,016,198 | ---- | C] () -- C:\WINDOWS\car4.bmp
              [2010/09/10 14:47:53 | 001,275,398 | ---- | C] () -- C:\WINDOWS\car3.bmp
              [2010/09/09 13:14:33 | 000,004,681 | ---- | C] () -- C:\Documents and Settings\Wayne\.recently-used.xbel
              [2010/09/07 14:21:59 | 000,063,109 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\Puppy2.jpg
              [2010/08/31 01:47:35 | 001,440,054 | ---- | C] () -- C:\WINDOWS\1982_lamborghini.bmp
              [2010/08/19 17:54:52 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
              [2010/08/18 18:25:45 | 002,311,601 | ---- | C] () -- C:\Documents and Settings\Wayne\Desktop\ENGLISH.pdf
              [2010/08/11 17:37:06 | 000,960,054 | ---- | C] () -- C:\WINDOWS\Bugatti.bmp
              [2010/07/31 09:40:15 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
              [2010/07/29 08:00:47 | 017,825,792 | ---- | C] () -- C:\Documents and Settings\Wayne\ntuser.dat
              [2010/07/27 20:04:31 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic - Home Cinema.lnk
              [2010/07/24 11:30:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.cpl
              [2010/07/12 13:46:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
              [2010/07/12 13:45:27 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
              [2010/05/26 00:36:35 | 000,000,085 | ---- | C] () -- C:\WINDOWS\lagarith.ini
              [2010/05/10 22:47:00 | 000,000,090 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
              [2010/04/21 22:46:50 | 000,000,568 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
              [2010/01/17 03:44:57 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
              [2010/01/17 03:44:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
              [2010/01/17 03:44:54 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
              [2010/01/17 03:44:54 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
              [2010/01/17 03:44:51 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
              [2010/01/17 03:44:51 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
              [2009/12/15 00:38:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
              [2009/08/01 20:55:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
              [2009/08/01 20:55:29 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\KPSYS32.DLL
              [2008/05/30 13:31:47 | 007,151,616 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
              [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

              jwfilion

                Topic Starter


                Intermediate

                Re: Please help, being hijacked while web surfing...
                « Reply #26 on: October 09, 2010, 08:43:17 PM »
                [2007/02/11 16:39:25 | 000,004,535 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
                [2007/02/07 00:58:00 | 000,000,846 | ---- | C] () -- C:\WINDOWS\xxclone.ini
                [2005/05/20 13:25:42 | 000,000,339 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
                [2005/05/16 19:40:23 | 000,000,433 | ---- | C] () -- C:\WINDOWS\System32\imgdatwin.dll
                [2005/05/16 19:40:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\imgstpath.dll
                [2005/05/16 19:39:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\LtDlgRes14n.dll
                [2005/05/08 19:17:22 | 000,024,575 | ---- | C] () -- C:\WINDOWS\System32\Winapppiobas50.dll
                [2005/05/08 19:16:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
                [2005/05/08 19:16:01 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
                [2004/09/30 18:23:07 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
                [2004/09/30 18:15:44 | 000,000,440 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
                [2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
                [2004/09/06 19:04:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
                [2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
                [2004/08/27 01:00:32 | 000,000,086 | ---- | C] () -- C:\WINDOWS\POSTER.INI
                [2004/08/19 16:33:08 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
                [2004/07/13 12:12:22 | 000,000,583 | ---- | C] () -- C:\WINDOWS\videoimp.ini
                [2004/04/06 14:28:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Wayne\Application Data\sversion.ini
                [2004/04/01 12:40:14 | 000,000,263 | ---- | C] () -- C:\WINDOWS\phedit.ini
                [2004/03/24 15:52:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\jppc.INI
                [2004/03/19 15:36:51 | 002,270,720 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll
                [2004/03/19 15:36:51 | 000,046,080 | ---- | C] () -- C:\WINDOWS\LFTIF60N.DLL
                [2004/03/19 15:36:51 | 000,043,008 | ---- | C] () -- C:\WINDOWS\LTFIL60N.DLL
                [2004/03/19 15:36:51 | 000,019,968 | ---- | C] () -- C:\WINDOWS\LFTGA60N.DLL
                [2004/03/19 15:36:50 | 000,141,824 | ---- | C] () -- C:\WINDOWS\LFCMP60N.DLL
                [2004/03/19 15:36:50 | 000,110,080 | ---- | C] () -- C:\WINDOWS\LFPNG60N.DLL
                [2004/03/19 15:36:50 | 000,023,552 | ---- | C] () -- C:\WINDOWS\LFPCX60N.DLL
                [2004/03/19 15:36:50 | 000,022,016 | ---- | C] () -- C:\WINDOWS\LFGIF60N.DLL
                [2004/03/19 15:36:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LFPSD60N.DLL
                [2004/03/19 15:36:50 | 000,018,432 | ---- | C] () -- C:\WINDOWS\LFRAS60N.DLL
                [2004/03/19 15:36:18 | 000,399,350 | ---- | C] () -- C:\WINDOWS\ACCUGLD5.DLL
                [2004/03/19 15:36:18 | 000,026,233 | ---- | C] () -- C:\WINDOWS\ACCUIFGL.DLL
                [2004/02/09 04:25:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
                [2003/11/08 18:43:56 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
                [2003/07/12 14:19:54 | 000,000,107 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI
                [2003/05/14 21:48:41 | 000,000,300 | ---- | C] () -- C:\WINDOWS\vuesav32.ini
                [2003/05/14 11:03:50 | 000,004,673 | ---- | C] () -- C:\WINDOWS\WININIT.INI
                [2003/02/08 21:41:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\cosdtp.ini
                [2003/01/07 00:06:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Magic40.INI
                [2003/01/01 22:39:36 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
                [2002/12/23 17:11:27 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
                [2002/12/23 17:11:26 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
                [2002/12/22 20:46:27 | 000,006,592 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
                [2002/12/22 20:46:27 | 000,001,248 | ---- | C] () -- C:\WINDOWS\goldwave.ini
                [2002/12/22 18:25:52 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
                [2002/12/21 20:37:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
                [2002/12/21 15:19:17 | 000,007,411 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
                [2002/12/19 15:56:11 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
                [2002/12/19 15:04:25 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
                [2002/12/19 15:04:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
                [2002/12/19 15:04:25 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
                [2002/12/19 15:04:02 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
                [2002/12/19 00:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
                [2002/12/19 00:52:36 | 000,001,871 | ---- | C] () -- C:\WINDOWS\mp3maker.INI
                [2002/12/19 00:50:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
                [2002/12/18 15:13:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dpcnav.INI
                [2002/12/18 15:05:00 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\inavevnt.dll
                [2002/12/17 19:49:46 | 000,000,896 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
                [2002/12/17 19:49:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
                [2002/12/17 00:20:57 | 000,001,952 | ---- | C] () -- C:\WINDOWS\SCANFX.INI
                [2002/12/15 20:17:09 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\Wayne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
                [2002/10/30 15:49:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
                [2002/10/08 11:02:24 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
                [2002/09/10 10:10:05 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
                [2001/07/06 23:47:50 | 000,003,149 | ---- | C] () -- C:\Program Files\ReadMe.txt
                [1999/10/06 17:48:28 | 000,016,476 | ---- | C] () -- C:\WINDOWS\System32\Snapv16.drv
                 
                ========== LOP Check ==========
                 
                [2009/11/18 12:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
                [2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
                [2010/09/23 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
                [2009/01/08 23:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
                [2009/07/20 23:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
                [2008/05/31 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
                [2009/07/03 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
                [2010/10/09 20:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
                [2010/10/09 11:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
                [2010/05/03 14:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
                [2004/09/30 18:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
                [2008/08/08 16:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
                [2006/11/27 21:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\101 Software
                [2010/06/06 19:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\DeepBurner
                [2008/08/08 16:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\eBay
                [2008/02/19 17:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Forte
                [2009/04/01 02:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit
                [2010/10/05 13:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Foxit Software
                [2009/03/07 02:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\GrabPro
                [2010/09/09 13:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\gtk-2.0
                [2009/04/24 13:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\hott notes 4
                [2010/02/18 22:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\ImTOO Software Studio
                [2008/09/22 15:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\IrfanView
                [2009/05/01 13:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\K-Meleon
                [2010/07/31 10:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leadertech
                [2010/01/18 23:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Leawo
                [2006/11/28 09:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\M8 Software
                [2008/01/25 12:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\MP3Rocket
                [2010/05/24 15:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Opera
                [2009/03/07 03:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Orbit
                [2010/09/26 15:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\PCToolsFirewallPlus
                [2010/01/13 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Pegasys Inc
                [2010/05/11 05:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\STOIK
                [2010/09/22 13:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Thunderbird
                [2010/05/03 17:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Trusteer
                [2002/12/18 03:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\Ulead Systems
                [2008/12/24 01:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wayne\Application Data\XnView
                 
                ========== Purity Check ==========
                 
                 
                 
                ========== Custom Scans ==========
                 
                 
                < %SYSTEMDRIVE%\*.exe >
                 
                < %systemroot%\*. /mp /s >
                 
                < c:\$recycle.bin\*.* /s >
                 
                < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-29 23:45:45
                 
                 
                < %systemroot%\system32\*.dll /lockedfiles >
                [943 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
                 
                < %systemroot%\Tasks\*.job /lockedfiles >
                 
                ========== Alternate Data Streams ==========
                 
                @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
                @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
                @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
                < End of report >





                OTL Extras logfile created on: 10/9/2010 8:27:40 PM - Run 1
                OTL by OldTimer - Version 3.2.14.1     Folder = C:\Documents and Settings\Wayne\Desktop
                Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
                Internet Explorer (Version = 7.0.5730.11)
                Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                 
                2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
                2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
                Paging file location(s): C:\pagefile.sys 360 720 [binary data]
                 
                %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
                Drive C: | 298.09 Gb Total Space | 262.56 Gb Free Space | 88.08% Space Free | Partition Type: NTFS
                D: Drive not present or media not loaded
                E: Drive not present or media not loaded
                F: Drive not present or media not loaded
                G: Drive not present or media not loaded
                H: Drive not present or media not loaded
                I: Drive not present or media not loaded
                 
                Computer Name: OWNER-X35LSKRDA
                Current User Name: Wayne
                Logged in as Administrator.
                 
                Current Boot Mode: Normal
                Scan Mode: Current user
                Company Name Whitelist: On
                Skip Microsoft Files: On
                File Age = 90 Days
                Output = Standard
                Quick Scan
                 
                ========== Extra Registry (SafeList) ==========
                 
                 
                ========== File Associations ==========
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
                 
                [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                 
                ========== Shell Spawning ==========
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                batfile [open] -- "%1" %*
                cmdfile [open] -- "%1" %*
                comfile [open] -- "%1" %*
                exefile [open] -- "%1" %*
                htmlfile [edit] -- Reg Error: Key error.
                http [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
                https [open] -- C:\PROGRA~1\MOZILL~2\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
                piffile [open] -- "%1" %*
                regfile [merge] -- Reg Error: Key error.
                scrfile [config] -- "%1"
                scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
                scrfile [open] -- "%1" /S
                txtfile [edit] -- Reg Error: Key error.
                Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                Directory [Browse with XnView] -- Reg Error: Value error.
                Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)
                Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)
                Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)
                Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
                Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
                Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                 
                ========== Security Center Settings ==========
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                "AntiVirusDisableNotify" = 0
                "FirewallDisableNotify" = 0
                "AntiVirusOverride" = 0
                "FirewallOverride" = 0
                "UpdatesDisableNotify" = 1
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
                 
                ========== System Restore Settings ==========
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                "DisableSR" = 0
                 
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
                "Start" = 0
                 
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
                "Start" = 2
                 
                ========== Firewall Settings ==========
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
                 
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                "EnableFirewall" = 0
                 
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                "EnableFirewall" = 0
                "DoNotAllowExceptions" = 0
                "DisableNotifications" = 0
                 
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
                "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
                 
                ========== Authorized Applications List ==========
                 
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                 
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
                "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
                "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
                "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)
                "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
                "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
                "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
                "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
                "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
                "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
                "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
                 
                 
                ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                 
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
                "{0E66AFD6-5E76-4FDB-BB7B-05871F5CDFE3}" = ArcSoft ShowBiz DVD 2
                "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
                "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
                "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
                "{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
                "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                "{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
                "{22DEF4A1-7A4E-42C8-BC27-6F14CA63E6FF}" = Accusoft PICVideo Motion JPEG 4
                "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
                "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
                "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
                "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
                "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
                "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
                "{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
                "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
                "{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
                "{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
                "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                "{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
                "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
                "{647AC9E7-F65F-45B6-ADB1-17786D222247}" = STOPzilla
                "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
                "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
                "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
                "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
                "{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" =  Leawo AVI Converter version  2.2.0.2
                "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
                "{838F0053-8744-4B63-8819-CC44C06308AC}" = Visualizer Photo Resize
                "{85F49DC5-81F1-11D5-B626-0010B5557563}" = Ulead DVD MovieFactory SE
                "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
                "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
                "{9604876E-6DF3-11D9-9526-CC60569E6209}" = DupDetector
                "{9C4DE53B-FF00-4213-9C7A-8771877CCA72}" = CSTDT600MA
                "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
                "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
                "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
                "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
                "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
                "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
                "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
                "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
                "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
                "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
                "{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3
                "{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB Video/Audio Device Driver
                "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite XII.SP2c
                "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
                "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
                "{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
                "{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
                "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
                "{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.20)
                "7-Zip" = 7-Zip 4.65
                "A Simple Unit Converter_is1" = A Simple Unit Converter 0.97.00 Beta
                "AbiWord2" = "AbiWord 2.0.6 (remove only)"
                "AC3Filter" = AC3Filter (remove only)
                "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                "Adobe Shockwave Player" = Adobe Shockwave Player
                "AltoMP3 Gold" = AltoMP3 Gold 5.20
                "Audacity_is1" = Audacity 1.2.3
                "AutoCAD R14.0 Uninstall" = AutoCAD R14.0
                "AVG9Uninstall" = AVG Free 9.0
                "Battle Master_is1" = Battle Master 2.0
                "BtcMaestro" = KeyMaestro Input Device Driver V2.1.1-126A6 MUL
                "CANONBJ_Deinstall" = BJ Printer Driver
                "CCleaner" = CCleaner
                "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
                "Cool Timer_is1" = Cool Timer 3.6
                "CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
                "CutePDF Writer Installation" = CutePDF Writer 2.2
                "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
                "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
                "DVD Flick_is1" = DVD Flick 1.3.0.7
                "DVD Shrink_is1" = DVD Shrink 3.2
                "DVDStyler_is1" = DVDStyler v1.8.1
                "EndItAll_is1" = EndItAll 2.0
                "ERUNT_is1" = ERUNT 1.1j
                "ESET Online Scanner" = ESET Online Scanner v3
                "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
                "ffdshow" = ffdshow (remove only)
                "Forte Agent" = Forté Agent
                "Foxit PDF Editor" = Foxit PDF Editor
                "Foxit Reader" = Foxit Reader
                "Free Mp3/Wma/Ogg Converter_is1" = Free Mp3/Wma/Ogg Converter 4.0.1
                "Free Video Converter_is1" = Free Video Converter V 1.0
                "Free WMV to AVI MPEG Converter_is1" = Free WMV to AVI MPEG Converter v1.2
                "GoldWave v4.26" = GoldWave v4.26
                "HijackThis" = HijackThis 2.0.2
                "HitmanPro35" = Hitman Pro 3.5
                "hott notes 4" = hott notes 4
                "HP Photo Imaging Software" = HP Photo Imaging Software
                "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
                "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
                "ie7" = Windows Internet Explorer 7
                "InstallShield_{22DEF4A1-7A4E-42C8-BC27-6F14CA63E6FF}" = Accusoft PICVideo Motion JPEG 4
                "InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
                "InstallShield_{BCC5DC79-2275-4171-8CEA-39F0DD9ADF58}" = USB Video/Audio Device Driver
                "IrfanView" = IrfanView (remove only)
                "KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
                "LarrysAnyTextFileIndexer" = Larry's Any Text File Indexer
                "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                "MediaMonkey_is1" = MediaMonkey 3.1
                "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
                "MoffFreeCalc_is1" = Moffsoft FreeCalc
                "MovieJoiner" = Movie Joiner
                "Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
                "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
                "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
                "MTS Accelerator" = MTS Accelerator
                "Neat Video for VirtualDub_is1" = Neat Video v2.2 Home plug-in for VirtualDub
                "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
                "OneTouch Version 3.0" = OneTouch Version 3.0
                "OpticPro Key" = OpticPro 4830P
                "P4M266" = ProSavageDDR and Utilities
                "PaperPort 7.02" = PaperPort 7.02
                "PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
                "POSTER_is1" = 7.9
                "QuickPar" = QuickPar 0.9
                "RealAlt_is1" = Real Alternative 1.9.0
                "Revo Uninstaller" = Revo Uninstaller 1.88
                "S3Display" = S3Display
                "S3Gamma2" = S3Gamma2
                "S3Info2" = S3Info2
                "S3Overlay" = S3Overlay
                "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
                "Snowflakes_is1" = Snowflakes Screensaver
                "SpywareBlaster_is1" = SpywareBlaster 4.4
                "Super Video Joiner_is1" = Super Video Joiner 2.0
                "Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 1.3.6
                "UndeletePlus_is1" = Undelete Plus 2.94
                "Unlocker" = Unlocker 1.8.7
                "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
                "VuePrint" = VuePrint
                "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
                "WIC" = Windows Imaging Component
                "Windows Media Format Runtime" = Windows Media Format 11 runtime
                "Windows Media Player" = Windows Media Player 11
                "Windows XP Service Pack" = Windows XP Service Pack 3
                "WinGimp-2.0_is1" = GIMP 2.6.10
                "WinGTK-2_is1" = GTK+ 2.6.7 runtime environment
                "WinPcapInst" = WinPcap 4.0.2
                "WinRAR archiver" = WinRAR archiver
                "WMFDist11" = Windows Media Format 11 runtime
                "wmp11" = Windows Media Player 11
                "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
                "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
                "XviD" = XviD MPEG-4 Codec
                "XXClone" = XXClone  ver 0.58.0
                "Yule Log" = Yule Log  Screen Saver
                 
                ========== Last 10 Event Log Errors ==========
                 
                [ Application Events ]
                Error - 9/29/2010 7:33:25 PM | Computer Name = OWNER-X35LSKRDA | Source = HotFixInstaller | ID = 5000
                Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb982865,
                 P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
                0.
                 
                Error - 9/29/2010 7:45:32 PM | Computer Name = OWNER-X35LSKRDA | Source = HotFixInstaller | ID = 5000
                Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb983582,
                 P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
                0.
                 
                Error - 9/29/2010 7:45:43 PM | Computer Name = OWNER-X35LSKRDA | Source = HotFixInstaller | ID = 5000
                Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb982865,
                 P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
                0.
                 
                Error - 9/30/2010 11:15:03 AM | Computer Name = OWNER-X35LSKRDA | Source = Ci | ID = 4128
                Description = Error 2147942414 detected in content index on c:\system volume information\catalog.wci.
                 
                Error - 9/30/2010 8:11:48 PM | Computer Name = OWNER-X35LSKRDA | Source = Application Error | ID = 1000
                Description = Faulting application javara.exe, version 1.16.1.1763, faulting module
                 ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
                 
                Error - 9/30/2010 8:12:17 PM | Computer Name = OWNER-X35LSKRDA | Source = Application Error | ID = 1001
                Description = Fault bucket 1987575260.
                 
                Error - 9/30/2010 9:47:45 PM | Computer Name = OWNER-X35LSKRDA | Source = Ci | ID = 4128
                Description = Error 2147942414 detected in content index on c:\system volume information\catalog.wci.
                 
                Error - 10/1/2010 3:32:19 PM | Computer Name = OWNER-X35LSKRDA | Source = Ci | ID = 4128
                Description = Error 2147942414 detected in content index on c:\system volume information\catalog.wci.
                 
                Error - 10/2/2010 10:58:24 AM | Computer Name = OWNER-X35LSKRDA | Source = Ci | ID = 4128
                Description = Error 2147942414 detected in content index on c:\system volume information\catalog.wci.
                 
                Error - 10/3/2010 12:31:36 PM | Computer Name = OWNER-X35LSKRDA | Source = Ci | ID = 4128
                Description = Error 2147942414 detected in content index on c:\system volume information\catalog.wci.
                 
                [ System Events ]
                Error - 10/7/2010 1:06:46 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
                Description = The following boot-start or system-start driver(s) failed to load:
                   viaagp  ViaIde
                 
                Error - 10/8/2010 1:15:42 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7023
                Description = The HID Input Service service terminated with the following error:
                   %%126
                 
                Error - 10/8/2010 1:16:04 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
                Description = The following boot-start or system-start driver(s) failed to load:
                   viaagp  ViaIde
                 
                Error - 10/8/2010 3:35:57 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7000
                Description = The afroruob service failed to start due to the following error:   %%2
                 
                Error - 10/9/2010 3:08:10 AM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7023
                Description = The HID Input Service service terminated with the following error:
                   %%126
                 
                Error - 10/9/2010 3:08:26 AM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
                Description = The following boot-start or system-start driver(s) failed to load:
                   viaagp  ViaIde
                 
                Error - 10/9/2010 3:20:56 AM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7023
                Description = The HID Input Service service terminated with the following error:
                   %%126
                 
                Error - 10/9/2010 3:21:17 AM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
                Description = The following boot-start or system-start driver(s) failed to load:
                   viaagp  ViaIde
                 
                Error - 10/9/2010 12:17:53 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7023
                Description = The HID Input Service service terminated with the following error:
                   %%126
                 
                Error - 10/9/2010 12:18:15 PM | Computer Name = OWNER-X35LSKRDA | Source = Service Control Manager | ID = 7026
                Description = The following boot-start or system-start driver(s) failed to load:
                   viaagp  ViaIde
                 
                 
                < End of report >

                SuperDave

                Re: Please help, being hijacked while web surfing...
                « Reply #27 on: October 10, 2010, 06:50:14 PM »
                * Open OTL
                * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                Code:
                :OTL
                FF - prefs.js..keyword.URL: "http://www.veerboo.com/results.php?q="
                O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
                :Files
                C:\Temp

                :COMMANDS
                [resethosts]
                [purity]
                [clearrestorepoints]
                [emptytemp]
                [start explorer]

                * Click Run Fix
                * OTLI2 may ask to reboot the machine. Please do so if asked.
                * Click OK
                * A report will open. Copy and Paste that report in your next reply.


                jwfilion

                  Re: Please help, being hijacked while web surfing...
                  « Reply #28 on: October 11, 2010, 03:36:25 AM »
                  SuperDave, something has happened, something serious I think. I did as you asked, I copied and pasted the lines into OTL and ran the fix. Almost immediately, an error window popped up saying that the host file could not be found or opened. I don't remember the exact wording. I did a PrintScreen to post it, however the computer locked up when I clicked the OK button. The interface remained and the bottom bar said that OTL was resetting the host files and not to interrupt it. I left it to do its job, as I was called away on business. Five hours later, when I returned, it was still running. I finally took the hint that it wasn't working properly. When I minimized it, to see if there was another screen beneath it, I found that all my desktop icons had disappeared, and then discovered that I could not restore OTL. There was no response from my computer at all. I finally had to turn it off. On reboot, I discovered the log from OTL on the desktop. When I went online to try and report it, I also found that all my proxy server settings were disabled or changed. I tried to restore them, but they can't be saved, I have to input them each time I go online. Something has definitely happened. Below is the OTL report...


                  Files\Folders moved on Reboot...
                  C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

                  Registry entries deleted on Reboot...


                  I hope you can figure this out.

                  jwfilion

                    Re: Please help, being hijacked while web surfing...
                    « Reply #29 on: October 11, 2010, 12:18:09 PM »
                    Apparently, there was no "fix". I just got jacked again, but at least my settings were saved. No problem with proxy server today.