Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Another Redirect with firefox

 
ganther
Newbie
Posted: Sat Oct 08, 2011 7:59 am

First, thanks in advance.

Problem is when I used the navigation toolbar to search on Google, any link would redirect to some ad site, but if I did a search using Google's home page it would not redirect. Yesterday the Google home page started to redirect as well as Firefox's navigation bar.

Also on log in I am getting this message popping up in a notepad type window:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

I have noticed in the start --> all programs a lot of my folders are empty.

Also in task manager I have a svchost.exe that is using way too much memory. It leaks up to 1Gb; most times I catch it at 500mb.

And last thing I can see is I am missing computer management under administrator tools.

I have been fighting with this for 3 weeks and need help.

Here is the DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Run by Ganther at 10:26:01 on 2011-10-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1161 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! antivirus 4.7.1098 [VPS 111008-0] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title =
mDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282711757643
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282711745283
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F00E4F3-412C-46F1-A20B-E6D95AC97B0E} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ganther\application data\mozilla\firefox\profiles\b6hj97cb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\ganther\application data\mozilla\firefox\profiles\b6hj97cb.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-7 64512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-3-9 140664]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-30 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-3-9 247160]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-3-9 345464]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S0 hcelqvs;hcelqvs;c:\windows\system32\drivers\yhclm.sys --> c:\windows\system32\drivers\yhclm.sys [?]
S3 dcdbas;System Management Driver;c:\windows\system32\drivers\dcdbas32.sys --> c:\windows\system32\drivers\dcdbas32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2005-11-3 176640]
S3 SiwvidStart;SiwvidStart;\??\c:\docume~1\ganther\locals~1\temp\_istmp1.dir\_istmp0.dir\siwvid.sys --> c:\docume~1\ganther\locals~1\temp\_istmp1.dir\_istmp0.dir\siwvid.sys [?]
S4 Licmgm;Licmgm;c:\windows\system32\drivers\crusoe.sys [2004-8-3 36736]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S4 Winsermtaasu;Winsermtaasu; [x]
.
=============== Created Last 30 ================
.
2011-10-08 12:38:20 642 ---ha-w- C:\aaw7boot.cmd
2011-10-07 23:25:35 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-07 19:58:45 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-07 19:55:34 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-07 19:55:01 -------- d-----w- c:\program files\Lavasoft
2011-10-07 19:49:22 -------- d-----w- c:\documents and settings\ganther\application data\SUPERAntiSpyware.com
2011-10-07 19:48:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-07 19:48:49 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-03 03:47:25 -------- d-----w- c:\program files\Hidden Object Crosswords
2011-09-27 23:26:48 -------- d-----w- c:\documents and settings\ganther\application data\thTXwjUCeItPyAi
2011-09-27 23:26:48 -------- d-----w- c:\documents and settings\ganther\application data\kS2ibD3pn5Q6W8R
2011-09-27 04:58:11 -------- d-----w- c:\documents and settings\ganther\application data\uCCCellIBrzN
2011-09-27 04:58:11 -------- d-----w- c:\documents and settings\ganther\application data\H1uuvDD2onFpm5s
2011-09-24 19:48:02 -------- d-----w- c:\windows\system32\rH6sWK7fE9TqYeI
2011-09-16 05:01:08 -------- d-----w- c:\windows\system32\CatRoot2
2011-09-12 23:10:56 709968 ----a-w- c:\windows\isRS-000.tmp
.
==================== Find3M ====================
.
2011-09-04 21:09:41 0 ----a-w- c:\documents and settings\all users\application data\xwqp.exe
2011-09-04 21:09:41 0 ----a-w- c:\documents and settings\all users\application data\tnyt.exe
2011-09-04 21:09:41 0 ----a-w- c:\documents and settings\all users\application data\htgh.exe
2011-09-04 21:09:41 0 ----a-w- c:\documents and settings\all users\application data\erux.exe
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-10 07:13:32 445 ----a-w- c:\program files\081020112133190.bat
2011-08-10 06:39:06 709968 ----a-w- c:\windows\is-8COC9.exe
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2010-11-04 12:58:48 440 ----a-w- c:\program files\110420107584871.bat
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3200822AS rev.3.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A65B4D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a6617d0]; MOV EAX, [0x8a66184c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A6F6AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A6F6448]
\Driver\atapi[0x8A6E3F38] -> IRP_MJ_CREATE -> 0x8A65B4D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A65B31B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:28:53.87 ===============

Gary R
Moderator
Posted: Sat Oct 08, 2011 4:59 pm

Looking over your log, back soon.
_________________
Gary R Administrator at Malware Removal University



Gary R
Moderator
Posted: Sat Oct 08, 2011 5:05 pm

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi ganther

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.

  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....

    • Let me know.
    • Do not follow any further instructions until I tell you to.


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Looks like you might have one of the TDL rootkit infections, we need to check first before attempting any removal.

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows 7, when prompted by UAC allow the prompt.

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Summary of the logs I need from you in your next post:

  • TDSSKiller log
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
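
The ROOTKIT section of the DDS log in the first post ends with the detector's own TDL3 warning. The following Python is an added example, not part of the original thread and not code from DDS or the GMER detector: it pulls the indicators out of that section (the unnamed module in the disk call chain, hooked driver entries, a dispatch address that matches the unnamed module). The function names and the reading of each line's fields are assumptions based on the line layout.

```python
import re

# Lines copied from the ROOTKIT section of the DDS log posted in this thread.
SAMPLE = r"""
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A65B4D0]<<
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A6F6AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A6F6448]
\Driver\atapi[0x8A6E3F38] -> IRP_MJ_CREATE -> 0x8A65B4D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A65B31B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# Constructed sample (not from the thread): the same section with no findings.
CLEAN = r"""
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys
detected disk devices:
detected hooks:
user & kernel MBR OK
"""

ADDR = r"0x[0-9A-Fa-f]+"
# Address in the call chain that the tool could not map to a named module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(" + ADDR + r")\]<<")
# Entry under "detected hooks:": driver object, hooked routine, target address.
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s+(\S+)\s+->\s+(" + ADDR + r")$")
# Driver dispatch line: driver[object address] -> IRP major function -> handler.
DISPATCH_RE = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[" + ADDR + r"\]\s+->\s+(IRP_MJ_\w+)\s+->\s+(" + ADDR + r")$"
)
WARN_RE = re.compile(r"^Warning:\s*(.+?)\s*!?$")


def triage_mbr_section(text):
    """Extract rootkit indicators from the MBR detector section of a DDS log."""
    unknown, hooks, dispatch, errors, warnings = [], [], [], [], []
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                hooks.append((m.group(1), m.group(2), m.group(3).lower()))
                continue
            in_hooks = False  # first non-matching line ends the hook list
        if line.startswith("called modules:"):
            unknown += [a.lower() for a in UNKNOWN_RE.findall(line)]
        elif line == "detected hooks:":
            in_hooks = True
        elif line.startswith("error:"):
            errors.append(line[len("error:"):].strip())
        else:
            m = DISPATCH_RE.match(line)
            if m:
                dispatch.append((m.group(1), m.group(2), m.group(3).lower()))
                continue
            m = WARN_RE.match(line)
            if m:
                warnings.append(m.group(1))
    unknown_set = set(unknown)
    return {
        "unknown_modules": unknown,
        "hooks": hooks,
        # Handlers whose address equals an unnamed module in the call chain.
        "dispatch_into_unknown": [d for d in dispatch if d[2] in unknown_set],
        "errors": errors,
        "warnings": warnings,
    }


def is_suspicious(findings):
    """True when the section needs a dedicated rootkit scan before any cleanup."""
    return bool(
        findings["unknown_modules"] or findings["hooks"] or findings["warnings"]
    )


if __name__ == "__main__":
    for name, text in (("thread log", SAMPLE), ("clean sample", CLEAN)):
        result = triage_mbr_section(text)
        print(name, "suspicious" if is_suspicious(result) else "clean", result)
```
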

ganther
Newbie
Posted: Mon Oct 10, 2011 7:26 am

Thanks Gary for your help, here are the logs you requested.

10:15:16.0843 2132 NDProxy - ok
10:15:16.0968 2132 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:15:16.0968 2132 NetBIOS - ok
10:15:17.0125 2132 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:15:17.0125 2132 NetBT - ok
10:15:17.0234 2132 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:15:17.0234 2132 NIC1394 - ok
10:15:17.0468 2132 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
10:15:17.0468 2132 nm - ok
10:15:17.0531 2132 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:15:17.0531 2132 Npfs - ok
10:15:17.0578 2132 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:15:17.0578 2132 Ntfs - ok
10:15:17.0656 2132 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:15:17.0656 2132 Null - ok
10:15:17.0734 2132 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:15:17.0734 2132 NwlnkFlt - ok
10:15:17.0796 2132 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:15:17.0796 2132 NwlnkFwd - ok
10:15:17.0937 2132 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:15:17.0937 2132 ohci1394 - ok
10:15:18.0000 2132 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:15:18.0015 2132 Parport - ok
10:15:18.0046 2132 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:15:18.0046 2132 PartMgr - ok
10:15:18.0125 2132 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:15:18.0125 2132 ParVdm - ok
10:15:18.0187 2132 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:15:18.0187 2132 PCI - ok
10:15:18.0203 2132 PCIDump - ok
10:15:18.0312 2132 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
10:15:18.0312 2132 PCIIde - ok
10:15:18.0359 2132 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:15:18.0359 2132 Pcmcia - ok
10:15:18.0390 2132 PDCOMP - ok
10:15:18.0406 2132 PDFRAME - ok
10:15:18.0453 2132 PDRELI - ok
10:15:18.0515 2132 PDRFRAME - ok
10:15:18.0531 2132 perc2 - ok
10:15:18.0546 2132 perc2hib - ok
10:15:18.0609 2132 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
10:15:18.0609 2132 pfc - ok
10:15:18.0687 2132 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:15:18.0687 2132 PptpMiniport - ok
10:15:18.0875 2132 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:15:18.0875 2132 PSched - ok
10:15:18.0953 2132 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:15:18.0953 2132 Ptilink - ok
10:15:19.0015 2132 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:15:19.0015 2132 PxHelp20 - ok
10:15:19.0062 2132 ql1080 - ok
10:15:19.0093 2132 Ql10wnt - ok
10:15:19.0156 2132 ql12160 - ok
10:15:19.0203 2132 ql1240 - ok
10:15:19.0234 2132 ql1280 - ok
10:15:19.0281 2132 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:15:19.0281 2132 RasAcd - ok
10:15:19.0359 2132 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:15:19.0375 2132 Rasl2tp - ok
10:15:19.0453 2132 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:15:19.0453 2132 RasPppoe - ok
10:15:19.0484 2132 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:15:19.0484 2132 Raspti - ok
10:15:19.0531 2132 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:15:19.0531 2132 Rdbss - ok
10:15:19.0546 2132 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:15:19.0546 2132 RDPCDD - ok
10:15:19.0687 2132 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:15:19.0687 2132 rdpdr - ok
10:15:19.0781 2132 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
10:15:19.0781 2132 RDPWD - ok
10:15:19.0906 2132 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:15:19.0906 2132 redbook - ok
10:15:19.0984 2132 SaiH0464 (99c7c809b34d2dbc383de491860eb4a3) C:\WINDOWS\system32\DRIVERS\SaiH0464.sys
10:15:19.0984 2132 SaiH0464 - ok
10:15:20.0203 2132 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:15:20.0203 2132 SASDIFSV - ok
10:15:20.0218 2132 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:15:20.0234 2132 SASKUTIL - ok
10:15:20.0390 2132 SCDEmu (ee7a1b6e155258288d99be61190e1112) C:\WINDOWS\system32\drivers\SCDEmu.sys
10:15:20.0390 2132 SCDEmu - ok
10:15:20.0468 2132 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:15:20.0484 2132 Secdrv - ok
10:15:20.0515 2132 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:15:20.0531 2132 serenum - ok
10:15:20.0578 2132 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:15:20.0578 2132 Serial - ok
10:15:20.0656 2132 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:15:20.0671 2132 Sfloppy - ok
10:15:20.0703 2132 Simbad - ok
10:15:20.0796 2132 SiwvidStart - ok
10:15:20.0828 2132 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:15:20.0828 2132 SLIP - ok
10:15:20.0968 2132 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\WINDOWS\system32\drivers\smwdm.sys
10:15:20.0968 2132 smwdm - ok
10:15:21.0015 2132 Sparrow - ok
10:15:21.0062 2132 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:15:21.0062 2132 splitter - ok
10:15:21.0203 2132 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
10:15:21.0203 2132 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
10:15:21.0218 2132 sptd ( LockedFile.Multi.Generic ) - warning
10:15:21.0218 2132 sptd - detected LockedFile.Multi.Generic (1)
10:15:21.0281 2132 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:15:21.0281 2132 sr - ok
10:15:21.0343 2132 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
10:15:21.0359 2132 Srv - ok
10:15:21.0390 2132 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:15:21.0390 2132 streamip - ok
10:15:21.0437 2132 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:15:21.0437 2132 swenum - ok
10:15:21.0546 2132 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:15:21.0546 2132 swmidi - ok
10:15:21.0656 2132 symc810 - ok
10:15:21.0734 2132 symc8xx - ok
10:15:21.0765 2132 sym_hi - ok
10:15:21.0812 2132 sym_u3 - ok
10:15:21.0906 2132 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:15:21.0906 2132 sysaudio - ok
10:15:22.0015 2132 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
10:15:22.0015 2132 taphss - ok
10:15:22.0109 2132 Tcpip (cbeebeb899e31ef52b962cb31fc8ca5c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:15:22.0109 2132 Tcpip - ok
10:15:22.0203 2132 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:15:22.0203 2132 TDPIPE - ok
10:15:22.0265 2132 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:15:22.0265 2132 TDTCP - ok
10:15:22.0343 2132 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:15:22.0343 2132 TermDD - ok
10:15:22.0671 2132 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
10:15:22.0671 2132 tmcomm - ok
10:15:22.0718 2132 TosIde - ok
10:15:22.0859 2132 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:15:22.0859 2132 Udfs - ok
10:15:22.0937 2132 ultra - ok
10:15:23.0203 2132 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:15:23.0218 2132 Update - ok
10:15:23.0500 2132 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:15:23.0500 2132 USBAAPL - ok
10:15:23.0984 2132 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:15:23.0984 2132 usbaudio - ok
10:15:24.0671 2132 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:15:24.0671 2132 usbccgp - ok
10:15:24.0984 2132 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:15:24.0984 2132 usbehci - ok
10:15:25.0109 2132 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:15:25.0109 2132 usbhub - ok
10:15:25.0140 2132 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:15:25.0156 2132 usbscan - ok
10:15:25.0187 2132 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:15:25.0187 2132 USBSTOR - ok
10:15:25.0265 2132 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:15:25.0265 2132 usbuhci - ok
10:15:25.0328 2132 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:15:25.0328 2132 VgaSave - ok
10:15:25.0359 2132 ViaIde - ok
10:15:25.0421 2132 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:15:25.0421 2132 VolSnap - ok
10:15:25.0468 2132 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:15:25.0468 2132 Wanarp - ok
10:15:25.0484 2132 WDICA - ok
10:15:25.0562 2132 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:15:25.0562 2132 wdmaud - ok
10:15:25.0687 2132 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:15:25.0703 2132 WSTCODEC - ok
10:15:25.0781 2132 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:15:25.0781 2132 WudfPf - ok
10:15:25.0796 2132 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:15:25.0796 2132 WudfRd - ok
10:15:25.0875 2132 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:15:27.0500 2132 \Device\Harddisk0\DR0 - ok
10:15:27.0515 2132 Boot (0x1200) (ae8af7d23b1780d6887eb995a9c9a7f5) \Device\Harddisk0\DR0\Partition0
10:15:27.0515 2132 \Device\Harddisk0\DR0\Partition0 - ok
10:15:27.0515 2132 ============================================================
10:15:27.0515 2132 Scan finished
10:15:27.0515 2132 ============================================================
10:15:27.0546 2492 Detected object count: 1
10:15:27.0546 2492 Actual detected object count: 1
10:15:32.0031 2492 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:15:32.0031 2492 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:15:22.0109 2132 Tcpip (cbeebeb899e31ef52b962cb31fc8ca5c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:15:22.0109 2132 Tcpip - ok
10:15:22.0203 2132 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:15:22.0203 2132 TDPIPE - ok
10:15:22.0265 2132 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:15:22.0265 2132 TDTCP - ok
10:15:22.0343 2132 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:15:22.0343 2132 TermDD - ok
10:15:22.0671 2132 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
10:15:22.0671 2132 tmcomm - ok
10:15:22.0718 2132 TosIde - ok
10:15:22.0859 2132 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:15:22.0859 2132 Udfs - ok
10:15:22.0937 2132 ultra - ok
10:15:23.0203 2132 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:15:23.0218 2132 Update - ok
10:15:23.0500 2132 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:15:23.0500 2132 USBAAPL - ok
10:15:23.0984 2132 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:15:23.0984 2132 usbaudio - ok
10:15:24.0671 2132 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:15:24.0671 2132 usbccgp - ok
10:15:24.0984 2132 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:15:24.0984 2132 usbehci - ok
10:15:25.0109 2132 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:15:25.0109 2132 usbhub - ok
10:15:25.0140 2132 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:15:25.0156 2132 usbscan - ok
10:15:25.0187 2132 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:15:25.0187 2132 USBSTOR - ok
10:15:25.0265 2132 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:15:25.0265 2132 usbuhci - ok
10:15:25.0328 2132 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:15:25.0328 2132 VgaSave - ok
10:15:25.0359 2132 ViaIde - ok
10:15:25.0421 2132 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:15:25.0421 2132 VolSnap - ok
10:15:25.0468 2132 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:15:25.0468 2132 Wanarp - ok
10:15:25.0484 2132 WDICA - ok
10:15:25.0562 2132 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:15:25.0562 2132 wdmaud - ok
10:15:25.0687 2132 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:15:25.0703 2132 WSTCODEC - ok
10:15:25.0781 2132 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:15:25.0781 2132 WudfPf - ok
10:15:25.0796 2132 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:15:25.0796 2132 WudfRd - ok
10:15:25.0875 2132 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:15:27.0500 2132 \Device\Harddisk0\DR0 - ok
10:15:27.0515 2132 Boot (0x1200) (ae8af7d23b1780d6887eb995a9c9a7f5) \Device\Harddisk0\DR0\Partition0
10:15:27.0515 2132 \Device\Harddisk0\DR0\Partition0 - ok
10:15:27.0515 2132 ============================================================
10:15:27.0515 2132 Scan finished
10:15:27.0515 2132 ============================================================
10:15:27.0546 2492 Detected object count: 1
10:15:27.0546 2492 Actual detected object count: 1
10:15:32.0031 2492 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:15:32.0031 2492 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
ganther

Posted: Mon Oct 10, 2011 7:27 am

OTL logfile created on: 10/10/2011 10:14:05 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Ganther\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.83% Memory free
3.11 Gb Paging File | 2.08 Gb Available in Paging File | 66.84% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 33.48 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
Drive J: | 4.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOB | User Name: Ganther | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/10 10:12:52 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ganther\Desktop\OTL.exe
PRC - [2011/10/07 14:58:13 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/07 14:58:11 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/02 07:43:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/04 09:36:33 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/12/04 08:00:23 | 000,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/12/04 08:00:16 | 000,140,664 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007/12/04 07:59:53 | 000,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2007/12/04 07:59:01 | 000,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2007/01/18 20:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/08/11 12:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/07 14:58:38 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/10/07 14:58:36 | 000,589,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/10/07 14:56:53 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/10/02 07:43:41 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/09/20 16:06:04 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011/09/20 16:06:02 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/08/18 15:25:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/08/18 15:25:12 | 000,173,504 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/06 16:13:50 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/04/13 19:12:03 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2008/04/13 19:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/12/03 15:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/07/01 08:29:48 | 000,075,776 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\unacev2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Winsermtaasu)
SRV - File not found [Auto | Stopped] -- -- (AcrSch2Svc)
SRV - [2011/10/07 14:58:11 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/03/08 10:43:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/12/04 09:36:33 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007/12/04 08:00:16 | 000,140,664 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2007/12/04 07:59:53 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2007/12/04 07:59:01 | 000,345,464 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2007/10/12 09:34:56 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/01/18 20:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/08/11 12:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/22 14:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/09/10 21:19:16 | 005,417,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/22 13:43:12 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/11/18 20:39:53 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/07/28 18:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/16 08:45:49 | 000,099,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/04 09:55:46 | 000,094,544 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2007/12/04 09:53:39 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2007/12/04 09:51:52 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2007/12/04 09:49:02 | 000,026,624 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/04/09 07:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/11/03 11:52:14 | 000,176,640 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/17 11:22:00 | 000,147,328 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2002/09/20 10:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/06/08 10:07:30 | 000,004,480 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-823518204-179605362-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-823518204-179605362-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-823518204-179605362-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-823518204-179605362-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-823518204-179605362-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Conduit Engine Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/07/28 08:26:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/04 00:30:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/02 07:43:49 | 000,000,000 | ---D | M]

[2008/08/01 23:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ganther\Application Data\Mozilla\Extensions
[2011/10/08 10:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ganther\Application Data\Mozilla\Firefox\Profiles\b6hj97cb.default\extensions
[2010/03/14 19:26:54 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Ganther\Application Data\Mozilla\Firefox\Profiles\b6hj97cb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/02/02 23:43:32 | 000,000,000 | ---D | M] (Tweak Network) -- C:\Documents and Settings\Ganther\Application Data\Mozilla\Firefox\Profiles\b6hj97cb.default\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
[2011/10/09 21:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/24 23:31:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 23:31:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/24 23:31:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/09 11:33:48 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2011/10/07 15:13:23 | 000,437,101 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 15060 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-179605362-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-179605362-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [muBlinder] C:\Documents and Settings\Ganther\Desktop\muBlinder.exe (KRX)
O4 - HKU\S-1-5-21-823518204-179605362-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-823518204-179605362-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Joan\Start Menu\Programs\Startup\IMVU.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-179605362-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-179605362-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1282711757643 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282711745283 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F00E4F3-412C-46F1-A20B-E6D95AC97B0E}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/09 01:03:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 10:12:57 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ganther\Desktop\OTL.exe
[2011/10/10 10:10:06 | 001,558,832 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ganther\Desktop\TDSSKiller.exe
[2011/10/10 10:07:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/10 10:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/10/10 10:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/10/10 10:05:46 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Ganther\Desktop\erunt-setup.exe
[2011/10/07 14:58:45 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/07 14:55:34 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/10/07 14:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/10/07 14:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/10/07 14:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/10/07 14:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/07 14:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ganther\Application Data\SUPERAntiSpyware.com
[2011/10/07 14:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/07 14:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/07 14:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/02 22:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Object Crosswords
[2011/10/02 22:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hidden Object Crosswords
[2011/09/27 18:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ganther\Application Data\thTXwjUCeItPyAi
[2011/09/27 18:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ganther\Application Data\kS2ibD3pn5Q6W8R
[2011/09/26 23:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ganther\Application Data\uCCCellIBrzN
[2011/09/26 23:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ganther\Application Data\H1uuvDD2onFpm5s
[2011/09/24 14:48:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\rH6sWK7fE9TqYeI
[2011/09/23 16:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/20 00:23:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ganther\Recent
[2011/09/16 00:01:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/09/13 04:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/09/13 04:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/10 10:12:52 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ganther\Desktop\OTL.exe
[2011/10/10 10:08:53 | 001,540,270 | ---- | M] () -- C:\Documents and Settings\Ganther\Desktop\tdsskiller.zip
[2011/10/10 10:07:11 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Ganther\Desktop\ERUNT.lnk
[2011/10/10 10:05:41 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Ganther\Desktop\erunt-setup.exe
[2011/10/10 10:03:12 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Daily).job
[2011/10/10 10:02:28 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/10 10:01:10 | 000,192,512 | ---- | M] (ICSharpCode.net) -- C:\Documents and Settings\Ganther\Desktop\ICSharpCode.SharpZipLib.dll
[2011/10/10 09:42:26 | 001,558,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ganther\Desktop\TDSSKiller.exe
[2011/10/09 22:40:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/09 21:36:43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/09 21:36:32 | 2146,226,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/09 11:13:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/07 23:10:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/07 15:13:23 | 000,437,101 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/07 14:58:41 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/07 14:58:40 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/10/07 14:55:40 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/10/07 14:53:52 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Ganther\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/07 14:53:52 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Ganther\Desktop\Spybot - Search & Destroy.lnk
[2011/10/07 14:48:57 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/02 22:48:02 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Hidden Object Crosswords.lnk
[2011/10/02 22:48:02 | 000,001,214 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/09/26 23:59:10 | 000,001,212 | ---- | M] () -- C:\Documents and Settings\Ganther\Application Data\ldr.ini
[2011/09/22 00:39:55 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ganther\Desktop\bptp8cqq.exe
[2011/09/20 00:02:33 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Ganther\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/09/16 00:01:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/16 00:01:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/13 02:23:07 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/09/12 18:10:56 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Ganther\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/12 18:10:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 10:08:56 | 001,540,270 | ---- | C] () -- C:\Documents and Settings\Ganther\Desktop\tdsskiller.zip
[2011/10/10 10:07:11 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Ganther\Desktop\ERUNT.lnk
[2011/10/07 18:27:59 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Daily).job
[2011/10/07 18:25:35 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/10/07 14:55:51 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/07 14:55:40 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/10/07 14:53:52 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Ganther\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/07 14:53:52 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Ganther\Desktop\Spybot - Search & Destroy.lnk
[2011/10/07 14:48:57 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/02 22:48:02 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Hidden Object Crosswords.lnk
[2011/10/02 22:48:02 | 000,001,214 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
[2011/10/02 21:31:00 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2011/10/02 21:31:00 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2011/10/02 17:52:47 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d3d9caps.dat
[2011/09/26 23:58:11 | 000,001,212 | ---- | C] () -- C:\Documents and Settings\Ganther\Application Data\ldr.ini
[2011/09/22 00:40:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ganther\Desktop\bptp8cqq.exe
[2011/09/21 17:27:10 | 2146,226,176 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/12 18:10:56 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Ganther\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/05 03:05:15 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/04 16:09:43 | 000,001,096 | -HS- | C] () -- C:\Documents and Settings\Ganther\Local Settings\Application Data\tj2vklcg1400ug20s8k78nmljo6db307o02585k687ye
[2011/09/04 16:09:43 | 000,001,096 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\tj2vklcg1400ug20s8k78nmljo6db307o02585k687ye
[2011/09/04 16:09:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xwqp.exe
[2011/09/04 16:09:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ganther\Local Settings\Application Data\vnbo.exe
[2011/09/04 16:09:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tnyt.exe
[2011/09/04 16:09:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ganther\Local Settings\Application Data\orhl.exe
[2011/09/04 16:09:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ganther\Local Settings\Application Data\ntyo.exe
[2011/09/04 16:09:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ganther\Local Settings\Application Data\losd.exe
[2011/09/04 16:09:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\htgh.exe
[2011/09/04 16:09:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\erux.exe
[2011/08/10 02:13:32 | 000,000,445 | ---- | C] () -- C:\Program Files\081020112133190.bat
[2011/08/10 01:39:06 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-8COC9.exe
[2011/05/31 19:13:35 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~14540580r
[2011/05/31 19:13:35 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~14540580
[2011/05/31 19:13:30 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\14540580
[2011/05/28 11:25:53 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\1522B2.sys
[2011/05/25 22:39:09 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2011/05/25 22:39:08 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/05/25 22:39:08 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/05/25 22:39:08 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/03/15 14:04:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/02/25 16:11:53 | 000,068,952 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/04 07:58:48 | 000,000,440 | ---- | C] () -- C:\Program Files\110420107584871.bat
[2010/08/25 00:52:06 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/23 11:21:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/07/18 15:29:31 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/07/18 15:29:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/07/11 19:13:47 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/09/29 20:46:56 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/09/29 20:46:56 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/07/16 00:41:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2009/04/23 16:29:16 | 000,224,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/24 21:14:15 | 000,000,684 | ---- | C] () -- C:\WINDOWS\Sin_Setup.INI
[2008/12/30 15:56:27 | 000,000,173 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2008/11/19 20:25:45 | 002,195,456 | ---- | C] () -- C:\WINDOWS\System32\gpiproxy.dll
[2008/11/15 20:40:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/15 20:40:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/15 20:40:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/15 20:40:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/15 20:40:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/15 20:40:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/11/14 12:35:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/11/05 02:12:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/10/29 17:44:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2008/07/21 23:09:39 | 000,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008/07/21 19:42:32 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/02/12 02:05:35 | 000,000,216 | ---- | C] () -- C:\WINDOWS\System32\sctsf.dat
[2008/01/05 21:16:59 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2008/01/01 12:00:50 | 000,001,074 | ---- | C] () -- C:\WINDOWS\S3D.ini
[2007/12/26 23:17:09 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/12/26 12:11:51 | 000,003,903 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/07 22:46:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ganther\Local Settings\Application Data\PUTTY.RND
[2007/11/28 03:12:50 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2007/10/21 23:36:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Ganther\Local Settings\Application Data\fusioncache.dat
[2007/08/24 08:48:53 | 000,000,146 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/07/22 04:35:16 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/07/22 04:35:16 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/07/22 04:35:16 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/07/22 04:35:16 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/07/22 04:35:16 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/07/22 03:14:26 | 000,000,639 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2007/06/13 20:25:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
[2007/05/13 20:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2007/04/25 21:34:20 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/04/18 16:26:58 | 000,000,068 | ---- | C] () -- C:\WINDOWS\System32\fs_di002_2.dll
[2007/04/15 12:31:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/15 02:46:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/21 12:55:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/03/21 12:55:30 | 000,001,316 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/03/18 07:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/03/15 19:36:46 | 000,141,312 | ---- | C] () -- C:\Documents and Settings\Ganther\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/11 12:56:34 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2007/03/09 02:17:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/09 01:06:33 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2007/03/09 01:01:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/03/08 18:53:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/03/08 18:52:42 | 001,585,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/02/27 01:37:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GraphEdt.INI
[2007/01/03 16:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 04:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2004/08/04 12:00:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\MKUninst.exe
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/12 14:50:22 | 000,003,475 | ---- | C] () -- C:\WINDOWS\System32\WTKBInst.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,481,674 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,081,474 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2008/03/08 07:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
[2007/03/09 02:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011/06/05 03:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aK06509DhKnH06509
[2011/01/04 16:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2011/10/02 21:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/08/09 15:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/04/12 16:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2009/06/22 13:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/01/30 14:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Games
[2008/03/10 22:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Earthsim
[2009/11/04 17:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2007/04/26 01:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/09/30 12:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Fishes
[2011/03/23 13:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy_Rome
[2009/01/25 20:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2007/08/03 00:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friday's games
[2009/11/03 11:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2007/07/07 00:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2011/09/24 13:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/09/24 22:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2011/02/27 15:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesBar
[2009/03/06 22:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/02/10 21:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genimo
[2011/01/28 14:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/11/15 20:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/05/18 01:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/10/29 16:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/03/24 08:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2007/07/24 23:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2010/10/09 06:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/12/30 10:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NevoSoft Games
[2011/03/19 11:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft-Breeze
[2010/06/22 22:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/06/22 22:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/09/08 19:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/05/13 21:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenDNS Updater
[2010/02/23 23:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PacketTrap
[2008/03/31 19:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/07/13 00:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PokerAcademyPro2
[2011/07/28 08:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rumbic Studio
[2011/03/27 12:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/03/10 21:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/07/21 22:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/10/02 23:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/11 23:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Game Equation
[2011/04/17 23:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Revills Games
[2011/03/15 23:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TikGames
[2008/11/15 20:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/04/16 12:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zabersoft
[2009/04/06 12:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/08/13 15:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/03 23:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\alot
[2010/07/29 23:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Angkor
[2008/01/01 00:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Cities3D
[2011/07/23 00:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\DAEMON Tools Lite
[2011/04/27 21:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Deckadance16
[2008/03/10 22:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Earthsim
[2011/07/23 00:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\FileZilla
[2011/02/06 23:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\FriendsGamesNetwork
[2010/09/24 22:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Gamers Digital
[2009/06/22 14:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\GARMIN
[2011/02/10 21:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Genimo
[2007/05/17 00:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\GlobalSCAPE
[2011/09/26 23:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\H1uuvDD2onFpm5s
[2008/11/18 19:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\InterVideo
[2010/07/15 22:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\IObit
[2010/06/01 22:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Juniper Networks
[2011/09/27 18:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\kS2ibD3pn5Q6W8R
[2010/02/23 23:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Notepad++
[2010/09/25 05:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Oberon Media
[2007/04/21 15:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Opera
[2007/03/11 13:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\PF
[2011/02/06 22:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Phantasmat_bf_se1
[2009/01/27 23:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\PhotoLine
[2007/07/23 22:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\PlayFirst
[2009/07/13 00:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\PokerAcademyPro2
[2009/09/18 00:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\postgresql
[2010/07/23 16:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\SecondLife
[2011/04/27 01:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\SynthMaker
[2011/09/27 18:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\thTXwjUCeItPyAi
[2008/02/10 02:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\timelog2
[2011/09/26 23:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\uCCCellIBrzN
[2008/11/15 20:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\Ulead Systems
[2011/09/30 22:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ganther\Application Data\uTorrent
[2010/09/12 15:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\alot
[2011/09/26 13:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\EqjYCekIBzNx1v2
[2008/03/08 07:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\iWinArcade
[2011/09/26 08:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\khYXwkUVrOtPuS
[2008/03/31 18:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\Meridian93
[2011/09/25 19:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\n2onF4pmHsJd
[2008/03/31 19:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\PlayFirst
[2010/10/01 04:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\PriceGong
[2011/09/26 13:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\RH6sWK7fE9T
[2010/04/26 10:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\Sony Online Entertainment
[2009/11/15 21:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\SpinTop
[2011/09/26 08:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\T7dEK8gRZ
[2008/05/13 18:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\timelog2
[2010/04/11 10:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\Vivox
[2011/09/25 19:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\WEELL9gTZqjY
[2011/09/27 17:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\WG5sQJ7dE8RqYwU
[2011/09/25 19:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\XkkkIVVrzONxAuv
[2011/09/27 17:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\ykIBrzONyAuSoFp
[2011/09/25 19:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joan\Application Data\z8gTZqhYCkVlNx0
[2011/03/17 08:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\Alawar
[2011/04/17 22:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\Awem
[2011/03/23 14:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\Be a King
[2011/04/06 19:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\CannyGames
[2011/10/02 22:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\Dekovir
[2011/03/12 22:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\DivoGames
[2011/02/28 01:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\ERS Game Studios
[2011/03/15 21:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\FirstColony
[2011/02/25 17:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\GetRightToGo
[2011/02/25 17:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\iPhone Tool Kits
[2011/03/13 22:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\Islands
[2011/03/16 15:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\Jewel Match 3
[2011/04/03 22:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\MagicIndie
[2011/03/24 08:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\Merscom
[2011/03/19 11:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\Nevosoft-Breeze
[2011/03/15 23:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\TikGames
[2011/03/11 13:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\WendigoStudios
[2011/03/16 00:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\Wildfire
[2011/03/15 15:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandi\Application Data\World-Loom
[2011/10/10 10:03:12 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Scan (Daily).job
[2011/10/10 10:02:28 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

ganther
Posted: Mon Oct 10, 2011 7:29 am


< End of report >
ganther
Posted: Mon Oct 10, 2011 7:49 am

OTL Extras logfile created on: 10/10/2011 10:14:05 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Ganther\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.83% Memory free
3.11 Gb Paging File | 2.08 Gb Available in Paging File | 66.84% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 33.48 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
Drive J: | 4.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOB | User Name: Ganther | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-823518204-179605362-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56705:TCP" = 56705:TCP:*:Enabled:Pando Media Booster
"56705:UDP" = 56705:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56705:TCP" = 56705:TCP:*:Enabled:Pando Media Booster
"56705:UDP" = 56705:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5 -- (SmartSoft Ltd.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04F67CE9-C706-7C07-B882-4790D01C5A76}" = Catalyst Control Center Graphics Previews Common
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2274624C-5B38-41AD-AD27-CEC0924EB628}" = Adobe Setup
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3515DF4C-3529-407E-A1E1-E2C0EDB36FF0}" = KwiClick
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5E3CB60D-627B-3B5C-2173-3EAB3397C9A1}" = Catalyst Control Center InstallProxy
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8279BD5B-F4B7-3B75-95F5-F1D2BB219C7F}" = ccc-utility
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111405753}" = Super Collapse 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5249CFE-2231-4770-A36D-1BD1285EB2BF}" = MySEQ Open
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2ED6DAA-31AA-49E4-BFA1-AF3388D90F7D}" = EverQuest II
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5408C28-8D1F-4D65-AA49-02FBD56136FF}" = WolfQuest
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C5A56577-49B4-331E-55DC-7143AFFAD108}" = ATI Catalyst Install Manager
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}" = Microsoft Streets & Trips 2008
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}" = Heroes of Might and Magic V Collector Edition
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F12B55DE-186C-42CA-E9B4-9FA7B786D023}" = ccc-core-static
"{F4731524-D4E9-2CCD-4471-5ABE373C3691}" = CCC Help English
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Adobe_cbb2ea61da9c780bd7e47a5230a9ed7" = Adobe Stock Photos CS3
"ASIO4ALL" = ASIO4ALL
"avast!" = avast! Antivirus
"Bejeweled Deluxe 1.862" = Bejeweled Deluxe 1.862
"BFG-Big Kahuna Reef" = Big Kahuna Reef
"BFG-Big Kahuna Words" = Big Kahuna Words
"BFGC" = Big Fish Games: Game Manager
"BFG-Deep Blue Sea 2" = Deep Blue Sea 2
"BFG-Farm Frenzy - Gone Fishing" = Farm Frenzy: Gone Fishing
"BFG-Hidden Object Crosswords" = Hidden Object Crosswords
"BFG-Zumas Revenge - Adventure" = Zuma's Revenge - Adventure
"BulletProof FTP Server_is1" = BulletProof FTP Server (remove only)
"Catan Online Welt" = Catan Online World
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"Combat Arms" = Combat Arms
"Deckadance" = Deckadance
"Defraggler" = Defraggler
"DirectWave" = DirectWave
"DivX Setup.divx.com" = DivX Setup
"dng4ps2" = dng4ps2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ERUNT_is1" = ERUNT 1.1j
"EVE" = EVE Online (remove only)
"FL Studio 9" = FL Studio 9
"GamesBar" = GamesBar 2.0.1.59
"HijackThis" = HijackThis 1.99.1
"IL Autogun" = IL Autogun
"IL Download Manager" = IL Download Manager
"IL DrumSynth Live" = IL DrumSynth Live
"IL Gross Beat" = IL Gross Beat
"IL Harmless" = IL Harmless
"IL Juice Pack" = IL Juice Pack
"IL Ogun" = IL Ogun
"IL Slicex" = IL Slicex
"IL Vocodex" = IL Vocodex
"InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"iWinArcade" = iWin Games (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Basic)
"LUNA Plus" = LUNA Plus v1.0
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"Notepad++" = Notepad++
"OpenDNS Updater" = OpenDNS Updater 1.3.0.187
"PartyPoker" = PartyPoker
"PokerAcademyPro2" = Poker Academy Pro 2
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"Project Entropia" = Entropia Universe
"PS3 Media Server" = PS3 Media Server
"Punch! Home Design - Platinum" = Punch! Home Design - Platinum
"RealPlayer 6.0" = RealPlayer
"Scorched3D" = Scorched3D 43.1b
"Sin" = Sin
"Stellar Phoenix FAT & NTFS_is1" = Stellar Phoenix FAT & NTFS Version 2.0
"Super DVD Creator_is1" = Super DVD Creator 9.8 Full Version
"The Wizard's Pen™" = The Wizard's Pen™
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.4e
"uTorrent" = µTorrent
"Versato" = Media Key Uninstaller
"Virtual Villagers 4: The Tree of Life" = Virtual Villagers 4: The Tree of Life (remove only)
"Website Ripper Copier" = Website Ripper Copier
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.3.2
"Wizard Land" = Wizard Land (remove only)
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-179605362-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.2.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/10/2011 11:00:48 AM | Computer Name = BOB | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalResults (SessionId, Flags, Error,
Obtained, PathNameId, Virus) VALUES (338, 134217728, 42016, 1318258847, 1960445,
'');" failed. Error description: "database disk image is malformed [11]".

Error - 10/10/2011 11:00:48 AM | Computer Name = BOB | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalResults (SessionId, Flags, Error,
Obtained, PathNameId, Virus) VALUES (338, 134217728, 42016, 1318258848, 1960446,
'');" failed. Error description: "database disk image is malformed [11]".

Error - 10/10/2011 11:00:48 AM | Computer Name = BOB | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalResults (SessionId, Flags, Error,
Obtained, PathNameId, Virus) VALUES (338, 134217728, 42016, 1318258848, 1960447,
'');" failed. Error description: "database disk image is malformed [11]".

Error - 10/10/2011 11:00:48 AM | Computer Name = BOB | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalResults (SessionId, Flags, Error,
Obtained, PathNameId, Virus) VALUES (338, 134217728, 42016, 1318258848, 1960448,
'');" failed. Error description: "database disk image is malformed [11]".

Error - 10/10/2011 11:00:50 AM | Computer Name = BOB | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalResults (SessionId, Flags, Error,
Obtained, PathNameId, Virus) VALUES (338, 134217728, 42016, 1318258850, 1901674,
'');" failed. Error description: "database disk image is malformed [11]".

Error - 10/10/2011 11:00:51 AM | Computer Name = BOB | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalResults (SessionId, Flags, Error,
Obtained, PathNameId, Virus) VALUES (338, 134217728, 42016, 1318258851, 1901675,
'');" failed. Error description: "database disk image is malformed [11]".

Error - 10/10/2011 11:00:51 AM | Computer Name = BOB | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalResults (SessionId, Flags, Error,
Obtained, PathNameId, Virus) VALUES (338, 134217728, 42016, 1318258851, 1901676,
'');" failed. Error description: "database disk image is malformed [11]".

Error - 10/10/2011 11:00:56 AM | Computer Name = BOB | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalResults (SessionId, Flags, Error,
Obtained, PathNameId, Virus) VALUES (338, 134217728, 42016, 1318258856, 1901681,
'');" failed. Error description: "database disk image is malformed [11]".

Error - 10/10/2011 11:00:56 AM | Computer Name = BOB | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalResults (SessionId, Flags, Error,
Obtained, PathNameId, Virus) VALUES (338, 134217728, 42016, 1318258856, 1901945,
'');" failed. Error description: "database disk image is malformed [11]".

Error - 10/10/2011 11:00:57 AM | Computer Name = BOB | Source = avast! | ID = 33554522
Description = Storage query "INSERT INTO LocalResults (SessionId, Flags, Error,
Obtained, PathNameId, Virus) VALUES (338, 134217728, 42016, 1318258856, 1929685,
'');" failed. Error description: "database disk image is malformed [11]".

[ Application Events ]
Error - 3/21/2011 11:34:42 PM | Computer Name = BOB | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4079, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/21/2011 11:41:29 PM | Computer Name = BOB | Source = Application Hang | ID = 1002
Description = Hanging application bfgclient.exe, version 2.0.1.43, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/25/2011 11:32:00 PM | Computer Name = BOB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 3/25/2011 11:32:00 PM | Computer Name = BOB | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 3/27/2011 1:51:11 PM | Computer Name = BOB | Source = Application Error | ID = 1000
Description = Faulting application componentlauncher.exe, version 3.0.0.49815, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010ef4.

Error - 3/27/2011 5:46:26 PM | Computer Name = BOB | Source = Application Hang | ID = 1002
Description = Hanging application plugin-container.exe, version 1.9.2.4095, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2011 12:47:19 AM | Computer Name = BOB | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8217.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2011 1:16:46 AM | Computer Name = BOB | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 3/29/2011 1:27:35 AM | Computer Name = BOB | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 3/30/2011 12:34:29 PM | Computer Name = BOB | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/7/2011 1:32:20 AM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The Acronis Scheduler2 Service service failed to start due to the
following error: %%3

Error - 10/7/2011 1:47:05 AM | Computer Name = BOB | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SeaPort with
arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Error - 10/7/2011 3:14:57 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The Acronis Scheduler2 Service service failed to start due to the
following error: %%3

Error - 10/7/2011 3:37:32 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7034
Description = The COM+ Event System service terminated unexpectedly. It has done
this 3 time(s).

Error - 10/7/2011 3:37:32 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7034
Description = The Help and Support service terminated unexpectedly. It has done
this 3 time(s).

Error - 10/7/2011 7:35:56 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The Acronis Scheduler2 Service service failed to start due to the
following error: %%3

Error - 10/9/2011 12:15:13 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The Acronis Scheduler2 Service service failed to start due to the
following error: %%3

Error - 10/9/2011 10:39:21 PM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The Acronis Scheduler2 Service service failed to start due to the
following error: %%3

Error - 10/10/2011 11:00:59 AM | Computer Name = BOB | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/10/2011 11:00:59 AM | Computer Name = BOB | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >
ganther
Newbie


Joined: 08 Oct 2011
Last Visit: 11 Oct 2011
Posts: 7

Posted: Mon Oct 10, 2011 7:51 am

There you go, I have posted the 3 logs from the instructions.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 May 2013
Posts: 9700
Location: Yorkshire

Posted: Mon Oct 10, 2011 12:34 pm


  • Download MGA Diagnostic Tool to your Desktop.
  • Double click MGADiag.exe to launch the programme.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.

    • Click Start > Run type Notepad click OK.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.

  • Close MGA Diagnostic Tool.
  • Copy/Paste the log in your next reply please.


Next

Download CKScanner to your Desktop.

  • Double click CKScanner.exe to launch it.
  • Click Search For Files.
  • After a couple minutes a list will appear in the panel to the right.
  • Click Save List To File.
  • A message box will verify the file saved.
  • Close CKScanner.
  • Copy/paste the contents of ckfiles.txt in your next reply please (it will be on your Desktop).

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
ganther
Newbie


Joined: 08 Oct 2011
Last Visit: 11 Oct 2011
Posts: 7

Posted: Mon Oct 10, 2011 9:02 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-G827J-TRJK6-663CD
Windows Product Key Hash: vpBqNZjufASy7SuywRccKSJ0CQM=
Windows Product ID: 55274-644-9931015-23043
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {78296206-D311-473A-9508-B7E57485EEA4}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: N/A, hr = 0x80096010
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 8
File Exists: Yes
Version: 1.8.31.9
WgaTray.exe Signed By: N/A, hr = 0x80096010
WgaLogon.dll Signed By: N/A, hr = 0x80096010

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{78296206-D311-473A-9508-B7E57485EEA4}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-663CD</PKey><PID>55274-644-9931015-23043</PID><PIDType>1</PIDType><SID>S-1-5-21-823518204-179605362-682003330</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1019.005</Version><SMBIOSVersion major="2" minor="3"/><Date>20041014000000.000000+000</Date></BIOS><HWID>55A13D8701848E73</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.8.31.9"/><File Name="WgaLogon.dll" Version="1.8.31.9"/></GANotification></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57514</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1C021:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
ganther
Newbie


Joined: 08 Oct 2011
Last Visit: 11 Oct 2011
Posts: 7

Posted: Mon Oct 10, 2011 9:20 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\joan\application data\sony online entertainment\installed games\free realms\resources\bs_cracked_claw_cavernsareas.xml
c:\documents and settings\joan\application data\sony online entertainment\installed games\free realms\resources\sky\sky_cracked_claw_caverns.xml
c:\program files\msn games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno.swf
c:\program files\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno_popup.swf
c:\program files\popcap games\bejeweled deluxe\sounds\firecrackle.ogg
scanner sequence 3.ZZ.11.CTAPWR
----- EOF -----
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 22 May 2013
Posts: 9700
Location: Yorkshire

Posted: Mon Oct 10, 2011 9:53 pm

You are using an illegal version of Windows.

I see you have also edited your CKScanner log in an attempt to conceal the number of cracked programs you have on your computer.

This forum does not support the use of illegal programs.

Your infection is self-inflicted, and probably picked up when you downloaded and installed your cracked programs.

My recommendation to you is that you reformat your hard drive, and re-install Windows, then cease downloading and installing illegal programs. As you have found out, they never come "free".

This topic is now closed
_________________
Gary R Administrator at Malware Removal University



All times are GMT - 8 Hours