
Solved Need help with XP-Antivirus infection

Discussion in 'Malware and Virus Removal Archive' started by BillB, 2010/05/10.

  1. 2010/05/10
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    [Resolved] Need help with XP-Antivirus infection

    I'm trying to help a friend with their sick PC. When they dropped it off to me, they said they were getting pop-ups saying their PC was infected with spyware, "click here to resolve the problem". They weren't sure what to do at that point so they shut it down. Upon restart, they said they were not able to log on again, either in normal or safe mode, to their account or the admin account.

    When I first powered it up, it went straight to the Windows desktop. I downloaded the latest version of Malwarebytes and installed it, then ran a complete scan. It cleaned up over 123 items including the XP Antivirus infection and said a reboot was needed to finish removing the items found. When I rebooted the machine, I was presented with the welcome screen and clicked on the user account icon. The screen blinked once and there was a message saying 'loading your personal settings', then I was back to the welcome screen. This happens in both safe mode and normal mode, just as my friend said.

    I'm basically stuck here; I can't get to the desktop to do any more scans, so I can't post any logs. Any suggestions how I can get past this, as I know this machine is probably not clean at this point?
     
  2. 2010/05/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's see if we can look at your computer by booting from an external source.

    You will need a USB flash drive to move information from the bad computer to a working computer.

    You need to download two programs.

    First

    ISO Burner: this will allow you to burn the REATOGO-X-PE ISO to a CD and make it bootable. Just install the program; from there on it's fairly automatic (Instructions)

    Second

    • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 270.3 MB in size so it may take some time to download.
    • When downloaded, double-click it and this will open ISOBurner to burn the file to CD
    • Reboot your system (Non working computer) using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box Automatically Load All Remaining Users is checked and press OK
    • OTL should now start. Change the following settings
      • Change Drivers to All
      • Change Registry to All
      • Under Custom Scan box paste this in:

        netsvcs
        %SYSTEMDRIVE%\*.exe
        /md5start
        eventlog.dll
        scecli.dll
        netlogon.dll
        cngaudit.dll
        sceclt.dll
        ntelogon.dll
        logevent.dll
        iaStor.sys
        nvstor.sys
        atapi.sys
        IdeChnDr.sys
        viasraid.sys
        AGP440.sys
        vaxscsi.sys
        nvatabus.sys
        viamraid.sys
        nvata.sys
        nvgts.sys
        iastorv.sys
        ViPrt.sys
        eNetHook.dll
        ahcix86.sys
        KR10N.sys
        nvstor32.sys
        ahcix86s.sys
        nvrd32.sys
        symmpi.sys
        adp3132.sys
        mv61xx.sys
        userinit.exe
        explorer.exe
        /md5stop
        %systemroot%\*. /mp /s
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\System32\config\*.sav
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive.
    • Please post the contents of the C:\OTL.txt file in your reply.
     
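The OTL.txt that the steps above produce is a long list of `SRV -` and `DRV -` lines, and the first thing a helper does with it is pick out the entries worth a second look. The script below is an added example for readers of this thread; it is not part of the original post and is not OTL's or OldTimer's own code. It assumes the line layout shown in the logs posted in this thread (`KIND - [date | size | attrs | M] (Company) [Start] -- path -- (Name)`, or `KIND - File not found [...] -- -- (Name)` for orphaned entries) and flags entries with a missing binary, with no company/version information, or with hidden/system attribute bits set. The sample log is constructed from lines that appear in this thread; a flag means "review this", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Regular service/driver entry as OTL prints it (layout assumed from the logs in this thread):
#   KIND - [date | size | attrs | M] (Company) [Start] -- path -- (ServiceName) optional trailing text
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<stamp>[A-Z])\] \((?P<company>.*?)\) "
    r"\[(?P<start>[^\]]+)\] -- (?P<path>.*?) -- \((?P<name>[^)]+)\)"
)
# Entry whose registry key survives but whose binary is gone
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<start>[^\]]+)\] -- -- \((?P<name>[^)]+)\)"
)

# Constructed sample: a handful of lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Driver Services (All) ==========

SRV - [2009/12/25 08:38:25 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/01/11 11:48:28 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/02/10 22:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
"""


@dataclass
class Entry:
    kind: str                 # "SRV" (Win32 service) or "DRV" (driver)
    name: str                 # service/driver key name, e.g. "MRxSmb"
    start: str                # start type text, e.g. "Kernel | Boot"
    path: Optional[str]       # None when OTL reported "File not found"
    company: Optional[str]    # "" when the binary carries no company/version info
    attrs: Optional[str]      # four attribute flags as printed, e.g. "----" or "--S-"
    size: Optional[int]       # file size in bytes


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL SRV/DRV line; return None for headers, blanks and unrelated lines."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(m["kind"], m["name"], m["start"], m["path"],
                     m["company"].strip(), m["attrs"], int(m["size"].replace(",", "")))
    m = MISSING_RE.match(line)
    if m:
        return Entry(m["kind"], m["name"], m["start"], None, None, None, None)
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (name, reasons) for every entry that deserves a closer look."""
    findings = []
    for e in entries:
        reasons = []
        if e.path is None:
            reasons.append("file not found (registry entry points at a missing binary)")
        else:
            if e.company == "":
                reasons.append("no company/version information in the binary")
            if "S" in e.attrs or "H" in e.attrs:
                reasons.append(f"hidden/system attribute bits set ({e.attrs})")
        if reasons:
            findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{name}: " + "; ".join(reasons))
```

Orphaned "File not found" entries are often harmless leftovers of uninstalled software, but a boot-start driver with no version information, or a driver carrying the system attribute, is the kind of line a helper compares against a known-good copy before deciding anything.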


  4. 2010/05/11
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Broni,

    Here's the log you requested.

    OTL logfile created on: 5/11/2010 5:45:55 PM - Run
    OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 825.00 Mb Available Physical Memory | 81.00% Memory free
    906.00 Mb Paging File | 853.00 Mb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.78 Gb Total Space | 21.04 Gb Free Space | 29.73% Space Free | Partition Type: NTFS
    Drive D: | 7.47 Gb Total Space | 6.58 Gb Free Space | 88.09% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 90 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2009/12/25 08:38:25 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/10/20 16:20:35 | 000,030,192 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223)
    SRV - [2009/08/12 19:37:44 | 000,337,160 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
    SRV - [2009/08/12 19:37:42 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
    SRV - [2009/08/12 19:37:42 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
    SRV - [2009/08/12 19:37:06 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
    SRV - [2008/10/30 13:13:28 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
    SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (All) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | Disabled] -- -- (Simbad)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
    DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
    DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
    DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
    DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
    DRV - [2009/12/25 08:30:48 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
    DRV - [2009/12/04 16:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
    DRV - [2009/12/04 16:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
    DRV - [2009/12/04 16:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
    DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
    DRV - [2009/08/12 19:38:42 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
    DRV - [2009/08/12 19:38:42 | 000,066,320 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2009/08/12 19:38:42 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2009/08/12 19:38:42 | 000,050,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
    DRV - [2009/05/07 03:04:50 | 000,157,712 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2009/03/05 23:59:00 | 000,036,864 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
    DRV - [2009/01/15 12:19:36 | 000,023,848 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2008/10/06 13:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
    DRV - [2008/07/11 13:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
    DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
    DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
    DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
    DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
    DRV - [2008/04/13 15:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
    DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
    DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
    DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
    DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
    DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
    DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
    DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
    DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
    DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
    DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
    DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
    DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
    DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
    DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
    DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
    DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
    DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
    DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
    DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
    DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
    DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
    DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
    DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
    DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
    DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
    DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
    DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
    DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
    DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
    DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
    DRV - [2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
    DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
    DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
    DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
    DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
    DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
    DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
    DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
    DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
    DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
    DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
    DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
    DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
    DRV - [2008/04/13 14:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\i2omp.sys -- (i2omp)
    DRV - [2008/04/13 14:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i2omgmt.sys -- (i2omgmt)
    DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
    DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
    DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
    DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
    DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
    DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
    DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
    DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
    DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
    DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
    DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
    DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
    DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
    DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
    DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
    DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
    DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
    DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
    DRV - [2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
    DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
    DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
    DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
    DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
    DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
    DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
    DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
    DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
    DRV - [2008/04/13 14:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\viaagp.sys -- (viaagp)
    DRV - [2008/04/13 14:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\agpCPQ.sys -- (agpCPQ)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 14:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\alim1541.sys -- (alim1541)
    DRV - [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\agp440.sys -- (agp440)
    DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
    DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
    DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
    DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
    DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
    DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
    DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
    DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
    DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
    DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
    DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2007/03/11 17:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
    DRV - [2007/03/11 17:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2007/02/15 19:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/09/28 21:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
    DRV - [2006/09/28 20:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
    DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\DLADResN.SYS -- (DLADResN)
    DRV - [2006/06/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (drvmcdb)
    DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2006/03/17 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (drvnddm)
    DRV - [2006/01/11 11:48:28 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2005/09/20 11:00:54 | 001,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
    DRV - [2005/03/22 19:08:40 | 000,260,224 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
    DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/08/04 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
    DRV - [2004/08/04 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - [2004/08/04 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
    DRV - [2004/08/04 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2004/08/04 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
    DRV - [2004/08/04 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
    DRV - [2004/08/04 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
    DRV - [2004/08/04 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
    DRV - [2004/08/04 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
    DRV - [2004/08/04 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
    DRV - [2004/08/04 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
    DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
    DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
    DRV - [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
    DRV - [2004/08/04 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
    DRV - [2004/08/04 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
    DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
    DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2004/02/10 22:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
    DRV - [2001/08/17 16:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\hpn.sys -- (hpn)
    DRV - [2001/08/17 16:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o)
    DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 16:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\perc2hib.sys -- (perc2hib)
    DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 16:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\perc2.sys -- (perc2)
    DRV - [2001/08/17 16:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys -- (aic78xx)
    DRV - [2001/08/17 16:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys -- (aic78u2)
    DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 16:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys -- (adpu160m)
    DRV - [2001/08/17 15:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
    DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 15:52:50 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
    DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 15:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1240.sys -- (ql1240)
    DRV - [2001/08/17 15:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys -- (Ql10wnt)
    DRV - [2001/08/17 15:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac960nt.sys -- (dac960nt)
    DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 15:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ini910u.sys -- (ini910u)
    DRV - [2001/08/17 15:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
    DRV - [2001/08/17 15:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cbidf2k.sys -- (cbidf)
    DRV - [2001/08/17 15:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys -- (Cpqarray)
    DRV - [2001/08/17 15:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys -- (cd20xrnt)
    DRV - [2001/08/17 15:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3350p.sys -- (asc3350p)
    DRV - [2001/08/17 15:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amsint.sys -- (amsint)
    DRV - [2001/08/17 15:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aha154x.sys -- (Aha154x)
    DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 15:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS -- (abp480n5)
    DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 15:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\toside.sys -- (TosIde)
    DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 15:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
    DRV - [2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell/en/side.html
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en
    IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\Shearon_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
    IE - HKU\Shearon_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\Shearon_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\Shearon_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\Shearon_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\Shearon_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/link/main/vzcentral
    IE - HKU\Shearon_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\Shearon_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\Shearon_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Shearon_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local


    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/04/17 08:57:24 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2009/11/11 22:10:29 | 000,000,155 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.212.127.227 osawarepro2009.microsoft.com
    O1 - Hosts: 91.212.127.227 osawarepro2009.com
    O1 - Hosts: 91.212.127.227 www.osawarepro2009.com
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Shearon_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\Shearon_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\Shearon_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\Shearon_ON_C\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\dla\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
    O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.EXE (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe File not found
    O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
    O4 - HKLM..\Run: [QuickTime Task] C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE (Apple Inc.)
    O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe File not found
    O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\Administrator_ON_C..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe File not found
    O4 - HKU\Shearon_ON_C..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
    O4 - HKU\Shearon_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\Shearon_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\Shearon_ON_C..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKU\Shearon_ON_C..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
    O4 - HKU\Shearon_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKU\Shearon_ON_C..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
    O4 - HKU\Shearon_ON_C..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKU\Shearon_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\Shearon_ON_C..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Shearon\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Shearon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Shearon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab (DLM Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155654076671 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
     
  5. 2010/05/11
    BillB Well-Known Member Thread Starter

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl ") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 14:52:56 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/05/10 14:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
    [2010/05/10 14:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
    [2010/05/10 14:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
    [2010/05/10 14:55:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
    [2010/05/10 14:55:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
    [2010/05/10 14:55:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
    [2010/05/10 14:55:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
    [2010/05/10 14:55:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
    [2010/05/10 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent
    [2010/05/10 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
    [2010/05/10 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Musicmatch
    [2010/05/10 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
    [2010/05/10 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
    [2010/05/10 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
    [2010/05/10 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
    [2010/05/10 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
    [2010/05/10 14:55:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
    [2010/05/10 14:55:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2010/05/10 14:55:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
    [2010/05/10 14:55:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
    [2010/05/10 14:55:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
    [2010/05/10 14:55:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
    [2010/05/10 14:55:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
    [2010/05/10 14:55:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
    [2010/05/10 14:55:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
    [2010/05/10 12:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shearon\Application Data\Malwarebytes
    [2010/05/10 12:00:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/05/10 12:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/05/10 12:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/10 11:59:56 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Shearon\Desktop\mbam-setup-1.46.exe
    [2010/05/02 14:00:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\PrivacIE
    [2010/04/27 16:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Google
    [2010/04/19 17:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2010/04/19 12:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/04/19 12:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/04/17 17:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\My Documents
    [2010/04/16 16:02:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
    [2010/04/16 16:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/04/16 16:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/04/16 16:01:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
    [2010/04/16 16:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/04/11 21:14:40 | 000,000,000 | ---D | C] -- C:\spoolerlogs
    [2010/03/24 13:25:12 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
    [2010/03/24 13:25:12 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
    [2010/03/24 13:25:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
    [2010/03/24 13:25:11 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
    [2010/03/24 13:25:11 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
    [2010/03/24 13:25:11 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
    [2010/03/24 13:25:11 | 000,000,000 | ---D | C] -- C:\481f3344196146eafc
    [2010/03/24 10:16:07 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
    [2010/03/24 10:15:31 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
    [2010/02/12 00:33:11 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/05/11 16:36:13 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/05/11 16:36:13 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
    [2010/05/11 16:36:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/11 16:36:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/11 16:36:01 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Shearon\ntuser.dat
    [2010/05/11 16:36:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Shearon\ntuser.ini
    [2010/05/11 16:25:25 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/05/11 16:24:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/11 16:24:37 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/10 22:48:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/10 16:09:10 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/05/10 16:09:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/05/10 14:33:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2010/05/10 14:13:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2010/05/10 13:53:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2010/05/10 13:33:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2010/05/10 13:13:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2010/05/10 12:53:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2010/05/10 12:33:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010/05/10 12:13:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/05/10 11:56:54 | 008,206,880 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\SUPERAntiSpyware.exe
    [2010/05/10 11:56:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Shearon\Desktop\mbam-setup-1.46.exe
    [2010/05/10 11:52:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/10 11:52:30 | 000,015,550 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\b08620CF7A25y
    [2010/05/02 16:00:47 | 004,322,212 | -H-- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\IconCache.db
    [2010/05/02 15:19:17 | 000,015,530 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\3962242619
    [2010/05/02 15:14:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16541.exe
    [2010/05/02 14:54:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22929.exe
    [2010/05/02 14:34:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2082.exe
    [2010/05/02 14:14:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16118.exe
    [2010/05/02 13:54:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21538.exe
    [2010/05/02 13:34:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5537.exe
    [2010/05/02 13:14:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11323.exe
    [2010/05/02 12:54:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24626.exe
    [2010/05/02 12:34:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32439.exe
    [2010/05/02 12:14:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16944.exe
    [2010/05/02 11:54:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26308.exe
    [2010/05/02 11:34:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13931.exe
    [2010/05/02 11:14:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7376.exe
    [2010/05/02 10:54:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4966.exe
    [2010/05/02 10:34:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11840.exe
    [2010/05/02 10:14:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18756.exe
    [2010/05/02 09:54:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19954.exe
    [2010/05/02 09:34:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24084.exe
    [2010/05/02 09:14:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12623.exe
    [2010/05/02 08:54:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19629.exe
    [2010/05/02 08:34:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3548.exe
    [2010/05/02 08:14:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24393.exe
    [2010/05/02 07:54:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31101.exe
    [2010/05/02 07:34:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15006.exe
    [2010/05/02 07:14:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15350.exe
    [2010/05/02 06:54:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24370.exe
    [2010/05/02 06:34:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6729.exe
    [2010/05/02 06:14:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15890.exe
    [2010/05/02 05:54:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23805.exe
    [2010/05/02 05:34:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27446.exe
    [2010/05/02 05:14:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22648.exe
    [2010/05/02 04:54:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19264.exe
    [2010/05/02 04:34:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8942.exe
    [2010/05/02 04:14:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9040.exe
    [2010/05/02 03:54:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30106.exe
    [2010/05/02 03:34:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\288.exe
    [2010/05/02 03:14:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1842.exe
    [2010/05/02 02:54:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22190.exe
    [2010/05/02 02:34:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3035.exe
    [2010/05/02 02:14:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12316.exe
    [2010/05/02 01:54:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\778.exe
    [2010/05/02 01:34:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27529.exe
    [2010/05/02 01:14:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9741.exe
    [2010/05/02 00:54:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8723.exe
    [2010/05/02 00:34:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12859.exe
    [2010/05/02 00:14:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20037.exe
    [2010/05/01 23:54:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32757.exe
    [2010/05/01 23:34:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32662.exe
    [2010/05/01 23:14:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27644.exe
    [2010/05/01 22:54:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25547.exe
    [2010/05/01 22:34:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6868.exe
    [2010/05/01 22:14:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28253.exe
    [2010/05/01 21:54:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7711.exe
    [2010/05/01 21:34:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15141.exe
    [2010/05/01 21:14:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4664.exe
    [2010/05/01 20:54:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17673.exe
    [2010/05/01 20:34:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30333.exe
    [2010/05/01 20:14:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31322.exe
    [2010/05/01 19:54:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23811.exe
    [2010/05/01 19:34:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
    [2010/05/01 19:14:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
    [2010/05/01 18:54:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
    [2010/05/01 18:34:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
    [2010/05/01 18:14:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
    [2010/05/01 17:54:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
    [2010/05/01 17:34:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
    [2010/05/01 17:14:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
    [2010/05/01 16:54:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
    [2010/05/01 16:34:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
    [2010/05/01 16:21:41 | 000,043,190 | ---- | M] () -- C:\Documents and Settings\Shearon\Application Data\wklnhst.dat
    [2010/05/01 16:14:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
    [2010/05/01 15:54:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
    [2010/05/01 15:34:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
    [2010/05/01 15:14:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
    [2010/05/01 14:54:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
    [2010/05/01 14:34:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
    [2010/05/01 14:14:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
    [2010/05/01 13:54:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
    [2010/05/01 13:34:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
    [2010/05/01 13:14:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
    [2010/05/01 12:54:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
    [2010/05/01 12:34:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
    [2010/05/01 12:14:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
    [2010/05/01 11:54:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
    [2010/05/01 11:34:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
    [2010/05/01 11:14:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
    [2010/05/01 10:54:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
    [2010/05/01 10:34:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
    [2010/05/01 10:14:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2010/05/01 09:54:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2010/05/01 09:34:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2010/05/01 09:14:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2010/04/30 17:31:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/27 18:00:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/04/27 17:00:31 | 000,632,744 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/27 17:00:31 | 000,537,782 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/27 17:00:31 | 000,103,700 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/26 18:20:31 | 000,000,992 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/04/25 20:34:56 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\Orthodontist excuse.doc
    [2010/04/18 21:00:43 | 000,001,056 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\1LKwMuQ
    [2010/04/16 15:59:11 | 000,016,316 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\i202
    [2010/04/16 15:54:55 | 000,016,234 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\4268715663
    [2010/04/10 09:56:33 | 000,064,448 | ---- | M] () -- C:\Documents and Settings\Shearon\Application Data\GDIPFONTCACHEV1.DAT
    [2010/04/02 08:20:28 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\ohheystupidspanishpresentation.doc
    [2010/03/28 20:38:10 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Shearon\My Documents\BLARGH ENGLISH HOMEWORK.doc
    [2010/03/24 13:41:23 | 000,064,448 | ---- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/03/24 13:40:34 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/24 08:09:42 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\spanishpresentation.doc
    [2010/03/14 17:50:27 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Shearon\My Documents\Rhetorical Ehrenreich.doc
    [2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
    [2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
    [2010/02/28 19:52:34 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/02/25 22:59:43 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\Home Made Bagel Recipe.doc
    [2010/02/25 18:00:31 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\Field experience project2.doc
    [2010/02/25 17:39:46 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\Field Experience project.doc
    [2010/02/25 16:40:28 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\Annual salary expenses.doc
    [2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
    [2010/02/25 02:24:37 | 001,209,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
    [2010/02/25 02:24:37 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
    [2010/02/25 02:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
    [2010/02/25 02:24:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
    [2010/02/25 02:24:37 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
    [2010/02/25 02:24:36 | 005,944,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2010/02/25 02:24:35 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2010/02/25 02:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
    [2010/02/25 02:24:35 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
    [2010/02/25 02:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
    [2010/02/25 02:24:35 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
    [2010/02/25 02:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
    [2010/02/25 02:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
    [2010/02/25 02:24:35 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2010/02/25 02:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
    [2010/02/25 02:24:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
    [2010/02/25 02:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
    [2010/02/25 02:24:34 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
    [2010/02/24 18:31:42 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\BTW VS WEBD.doc
    [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
    [2010/02/24 05:54:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
    [2010/02/24 05:54:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
    [2010/02/20 13:16:14 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\Simple Bagels recipe.doc
    [2010/02/18 22:15:04 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\THE GREAT GATSBY 2.doc
    [2010/02/18 19:43:40 | 000,014,819 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\THE GREAT GATSBY.docx
    [2010/02/17 23:58:40 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Shearon\Desktop\THE GREAT GATSBY.doc
    [2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
    [2010/02/17 09:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
    [2010/02/16 10:08:49 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
    [2010/02/16 09:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
    [2010/02/16 09:25:04 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
    [2010/02/16 09:25:04 | 002,024,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
    [2010/02/14 14:47:01 | 000,013,278 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\R4AlO7HdsW5
    [2010/02/12 00:33:11 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
    [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
    [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/10 19:58:01 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
    [2010/05/10 14:55:23 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
    [2010/05/10 14:55:23 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/05/10 14:55:22 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/05/10 12:00:10 | 008,206,880 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\SUPERAntiSpyware.exe
    [2010/05/02 15:14:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16541.exe
    [2010/05/02 14:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22929.exe
    [2010/05/02 14:34:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2082.exe
    [2010/05/02 14:14:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16118.exe
    [2010/05/02 13:54:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21538.exe
    [2010/05/02 13:34:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5537.exe
    [2010/05/02 13:14:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11323.exe
    [2010/05/02 12:54:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24626.exe
    [2010/05/02 12:34:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32439.exe
    [2010/05/02 12:14:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16944.exe
    [2010/05/02 11:54:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26308.exe
    [2010/05/02 11:34:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13931.exe
    [2010/05/02 11:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7376.exe
    [2010/05/02 10:54:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4966.exe
    [2010/05/02 10:34:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11840.exe
    [2010/05/02 10:14:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18756.exe
    [2010/05/02 09:54:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19954.exe
    [2010/05/02 09:34:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24084.exe
    [2010/05/02 09:14:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12623.exe
    [2010/05/02 08:54:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19629.exe
    [2010/05/02 08:34:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3548.exe
    [2010/05/02 08:14:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24393.exe
    [2010/05/02 07:54:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31101.exe
    [2010/05/02 07:34:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15006.exe
    [2010/05/02 07:14:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15350.exe
    [2010/05/02 06:54:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24370.exe
    [2010/05/02 06:34:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6729.exe
    [2010/05/02 06:14:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15890.exe
    [2010/05/02 05:54:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23805.exe
    [2010/05/02 05:34:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27446.exe
    [2010/05/02 05:14:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22648.exe
    [2010/05/02 04:54:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19264.exe
    [2010/05/02 04:34:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\8942.exe
    [2010/05/02 04:14:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9040.exe
    [2010/05/02 03:54:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30106.exe
    [2010/05/02 03:34:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\288.exe
    [2010/05/02 03:14:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1842.exe
    [2010/05/02 02:54:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22190.exe
    [2010/05/02 02:34:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3035.exe
    [2010/05/02 02:14:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12316.exe
    [2010/05/02 01:54:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\778.exe
    [2010/05/02 01:34:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27529.exe
    [2010/05/02 01:14:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9741.exe
    [2010/05/02 00:54:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\8723.exe
    [2010/05/02 00:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12859.exe
    [2010/05/02 00:14:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\20037.exe
    [2010/05/01 23:54:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32757.exe
    [2010/05/01 23:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32662.exe
    [2010/05/01 23:14:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27644.exe
    [2010/05/01 22:54:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\25547.exe
    [2010/05/01 22:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6868.exe
    [2010/05/01 22:14:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28253.exe
    [2010/05/01 21:54:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7711.exe
    [2010/05/01 21:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15141.exe
    [2010/05/01 21:14:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4664.exe
    [2010/05/01 20:54:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17673.exe
    [2010/05/01 20:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30333.exe
    [2010/05/01 20:14:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31322.exe
    [2010/05/01 19:54:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23811.exe
    [2010/05/01 19:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28703.exe
    [2010/05/01 19:14:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9894.exe
    [2010/05/01 18:54:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17035.exe
    [2010/05/01 18:34:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26299.exe
    [2010/05/01 18:14:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\25667.exe
    [2010/05/01 17:54:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19912.exe
    [2010/05/01 17:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1869.exe
    [2010/05/01 17:14:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11538.exe
    [2010/05/01 16:54:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14771.exe
    [2010/05/01 16:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21726.exe
    [2010/05/01 16:14:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5447.exe
    [2010/05/01 15:54:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19895.exe
    [2010/05/01 15:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19718.exe
    [2010/05/01 15:14:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18716.exe
    [2010/05/01 14:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17421.exe
    [2010/05/01 14:34:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe
    [2010/05/01 14:14:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe
    [2010/05/01 13:54:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe
    [2010/05/01 13:34:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3902.exe
    [2010/05/01 13:14:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14604.exe
    [2010/05/01 12:54:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe
    [2010/05/01 12:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
    [2010/05/01 12:14:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
    [2010/05/01 11:54:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
    [2010/05/01 11:34:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
    [2010/05/01 11:14:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
    [2010/05/01 10:54:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
    [2010/05/01 10:34:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
    [2010/05/01 10:14:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
    [2010/05/01 09:54:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
    [2010/05/01 09:34:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
    [2010/04/27 10:35:00 | 000,015,530 | -HS- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\3962242619
    [2010/04/26 19:58:33 | 000,015,550 | -HS- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\b08620CF7A25y
    [2010/04/19 12:04:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/19 12:04:25 | 000,000,992 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/04/18 21:00:01 | 000,001,056 | -HS- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\1LKwMuQ
    [2010/04/18 18:31:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
    [2010/04/18 18:10:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
    [2010/04/18 17:50:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
    [2010/04/18 17:29:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
    [2010/04/18 17:09:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
    [2010/04/18 16:48:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
    [2010/04/18 16:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
    [2010/04/18 16:07:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
    [2010/04/18 15:47:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
    [2010/04/16 15:54:54 | 000,016,234 | -HS- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\4268715663
    [2010/04/14 19:28:28 | 000,016,316 | -HS- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\i202
    [2010/04/13 01:14:14 | 004,718,592 | ---- | C] () -- C:\Documents and Settings\Shearon\ntuser.dat
    [2010/04/02 08:22:25 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\ohheystupidspanishpresentation.doc
    [2010/03/28 19:46:23 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Shearon\My Documents\BLARGH ENGLISH HOMEWORK.doc
    [2010/03/24 08:07:54 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\spanishpresentation.doc
    [2010/03/14 17:50:27 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Shearon\My Documents\Rhetorical Ehrenreich.doc
    [2010/02/25 22:59:43 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\Home Made Bagel Recipe.doc
    [2010/02/25 18:32:29 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\Annual salary expenses.doc
    [2010/02/25 18:00:31 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\Field experience project2.doc
    [2010/02/25 17:39:45 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\Field Experience project.doc
    [2010/02/24 18:34:12 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\BTW VS WEBD.doc
    [2010/02/20 13:16:09 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\Simple Bagels recipe.doc
    [2010/02/18 22:19:51 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\THE GREAT GATSBY 2.doc
    [2010/02/18 19:45:46 | 000,014,819 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\THE GREAT GATSBY.docx
    [2010/02/17 23:58:39 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Shearon\Desktop\THE GREAT GATSBY.doc
    [2010/02/10 18:18:37 | 000,013,278 | -HS- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\R4AlO7HdsW5
    [2010/02/09 22:35:51 | 000,014,924 | -HS- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\g52C
    [2010/02/04 02:24:42 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
    [2010/01/30 22:30:20 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Shearon\jagex_runescape_preferences2.dat
    [2009/11/12 16:08:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\housecall.guid.cache
    [2008/10/19 20:23:48 | 000,016,472 | ---- | C] () -- C:\Documents and Settings\Shearon\Application Data\orytogul._dl
    [2008/10/19 20:23:48 | 000,013,402 | ---- | C] () -- C:\Program Files\Common Files\icer.exe
    [2008/10/19 20:23:47 | 000,019,347 | ---- | C] () -- C:\Program Files\Common Files\xuzynij.dll
    [2008/10/19 20:23:47 | 000,019,300 | ---- | C] () -- C:\Program Files\Common Files\lekeki._dl
    [2008/10/19 20:23:47 | 000,012,203 | ---- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\viqulos.pif
    [2008/10/19 20:23:47 | 000,010,565 | ---- | C] () -- C:\Documents and Settings\Shearon\Application Data\iburaled.sys
    [2008/10/19 20:23:47 | 000,010,176 | ---- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\aqoqeli._dl
    [2008/08/13 15:26:34 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2008/07/01 13:28:32 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\Shearon\jagex_runescape_preferences.dat
    [2007/10/19 11:34:41 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Shearon\AndreaMStewartResume[1].doc
    [2006/12/31 06:30:02 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\fusioncache.dat
    [2006/05/25 19:56:17 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2006/05/01 20:55:16 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/03/11 10:52:12 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/01/22 14:41:01 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/01/22 14:41:01 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\FEC64B8B21.sys
    [2006/01/15 13:47:29 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2006/01/14 14:31:26 | 000,043,190 | ---- | C] () -- C:\Documents and Settings\Shearon\Application Data\wklnhst.dat
    [2006/01/14 14:25:44 | 000,106,496 | -H-- | C] () -- C:\Documents and Settings\Shearon\ntuser.dat.LOG
    [2006/01/14 14:25:44 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Shearon\ntuser.ini
    [2006/01/11 12:03:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/01/11 11:57:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/11 11:49:00 | 000,000,906 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/01/11 11:21:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2006/01/11 11:21:50 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/05/04 20:59:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/10 21:08:13 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2004/08/10 15:12:05 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 15:08:14 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2004/08/10 15:08:14 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2004/08/10 15:08:13 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2004/08/10 15:08:13 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/04 00:59:56 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\disk.sys

    ========== LOP Check ==========

    [2007/06/10 13:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shearon\Application Data\Ambient Design
    [2006/07/10 12:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shearon\Application Data\Leadertech
    [2006/07/04 10:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shearon\Application Data\OLYMPUS
    [2006/12/19 20:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shearon\Application Data\Template
    [2007/02/19 17:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shearon\Application Data\Viewpoint

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
     
  6. 2010/05/11
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    < MD5 for: AGP440.SYS >
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/05/28 09:38:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/05/28 09:38:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
    [2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/05/28 09:38:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/05/28 09:38:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
    [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
    [2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
    [2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
    [2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < MD5 for: USERINIT.EXE >
    [2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
    [2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/06/20 13:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
    [2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
    [2010/02/25 02:24:35 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
    [2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
    [2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
    [2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
    [7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Files - Unicode (All) ==========
    [2008/03/29 22:12:52 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Shearon\My Documents\?.doc) -- C:\Documents and Settings\Shearon\My Documents\ಥ.doc
    [2008/03/29 22:12:52 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Shearon\My Documents\?.doc) -- C:\Documents and Settings\Shearon\My Documents\ಥ.doc
    < End of report >
     
  7. 2010/05/11
    broni

    broni Moderator Malware Analyst

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    O1 - Hosts: 91.212.127.227 osawarepro2009.microsoft.com
    O1 - Hosts: 91.212.127.227 osawarepro2009.com
    O1 - Hosts: 91.212.127.227 www.osawarepro2009.com
    O4 - HKU\Shearon_ON_C..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Shearon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab  (Reg Error: Key error.)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found)
    [2010/05/10 14:33:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2010/05/10 14:13:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2010/05/10 13:53:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2010/05/10 13:33:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2010/05/10 13:13:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2010/05/10 12:53:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2010/05/10 12:33:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010/05/10 12:13:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/05/10 11:52:30 | 000,015,550 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\b08620CF7A25y
    [2010/05/02 15:19:17 | 000,015,530 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\3962242619
    [2010/05/02 15:14:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16541.exe
    [2010/05/02 14:54:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22929.exe
    [2010/05/02 14:34:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2082.exe
    [2010/05/02 14:14:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16118.exe
    [2010/05/02 13:54:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21538.exe
    [2010/05/02 13:34:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5537.exe
    [2010/05/02 13:14:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11323.exe
    [2010/05/02 12:54:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24626.exe
    [2010/05/02 12:34:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32439.exe
    [2010/05/02 12:14:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16944.exe
    [2010/05/02 11:54:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26308.exe
    [2010/05/02 11:34:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13931.exe
    [2010/05/02 11:14:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7376.exe
    [2010/05/02 10:54:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4966.exe
    [2010/05/02 10:34:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11840.exe
    [2010/05/02 10:14:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18756.exe
    [2010/05/02 09:54:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19954.exe
    [2010/05/02 09:34:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24084.exe
    [2010/05/02 09:14:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12623.exe
    [2010/05/02 08:54:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19629.exe
    [2010/05/02 08:34:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3548.exe
    [2010/05/02 08:14:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24393.exe
    [2010/05/02 07:54:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31101.exe
    [2010/05/02 07:34:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15006.exe
    [2010/05/02 07:14:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15350.exe
    [2010/05/02 06:54:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24370.exe
    [2010/05/02 06:34:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6729.exe
    [2010/05/02 06:14:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15890.exe
    [2010/05/02 05:54:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23805.exe
    [2010/05/02 05:34:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27446.exe
    [2010/05/02 05:14:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22648.exe
    [2010/05/02 04:54:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19264.exe
    [2010/05/02 04:34:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8942.exe
    [2010/05/02 04:14:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9040.exe
    [2010/05/02 03:54:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30106.exe
    [2010/05/02 03:34:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\288.exe
    [2010/05/02 03:14:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1842.exe
    [2010/05/02 02:54:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22190.exe
    [2010/05/02 02:34:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3035.exe
    [2010/05/02 02:14:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12316.exe
    [2010/05/02 01:54:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\778.exe
    [2010/05/02 01:34:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27529.exe
    [2010/05/02 01:14:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9741.exe
    [2010/05/02 00:54:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8723.exe
    [2010/05/02 00:34:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12859.exe
    [2010/05/02 00:14:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\20037.exe
    [2010/05/01 23:54:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32757.exe
    [2010/05/01 23:34:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32662.exe
    [2010/05/01 23:14:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27644.exe
    [2010/05/01 22:54:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25547.exe
    [2010/05/01 22:34:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6868.exe
    [2010/05/01 22:14:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28253.exe
    [2010/05/01 21:54:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7711.exe
    [2010/05/01 21:34:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15141.exe
    [2010/05/01 21:14:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4664.exe
    [2010/05/01 20:54:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17673.exe
    [2010/05/01 20:34:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30333.exe
    [2010/05/01 20:14:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31322.exe
    [2010/05/01 19:54:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23811.exe
    [2010/05/01 19:34:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28703.exe
    [2010/05/01 19:14:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9894.exe
    [2010/05/01 18:54:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17035.exe
    [2010/05/01 18:34:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26299.exe
    [2010/05/01 18:14:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25667.exe
    [2010/05/01 17:54:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19912.exe
    [2010/05/01 17:34:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1869.exe
    [2010/05/01 17:14:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11538.exe
    [2010/05/01 16:54:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14771.exe
    [2010/05/01 16:34:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21726.exe
    [2010/05/01 16:14:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
    [2010/05/01 15:54:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
    [2010/05/01 15:34:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
    [2010/05/01 15:14:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
    [2010/05/01 14:54:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
    [2010/05/01 14:34:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
    [2010/05/01 14:14:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
    [2010/05/01 13:54:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
    [2010/05/01 13:34:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
    [2010/05/01 13:14:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
    [2010/05/01 12:54:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
    [2010/05/01 12:34:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
    [2010/05/01 12:14:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
    [2010/05/01 11:54:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
    [2010/05/01 11:34:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
    [2010/05/01 11:14:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
    [2010/05/01 10:54:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
    [2010/05/01 10:34:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
    [2010/05/01 10:14:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2010/05/01 09:54:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2010/05/01 09:34:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2010/05/01 09:14:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2010/04/18 21:00:43 | 000,001,056 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\1LKwMuQ
    [2010/04/16 15:59:11 | 000,016,316 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\i202
    [2010/04/16 15:54:55 | 000,016,234 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\4268715663
    [2010/02/14 14:47:01 | 000,013,278 | -HS- | M] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\R4AlO7HdsW5
    [2008/10/19 20:23:48 | 000,016,472 | ---- | C] () -- C:\Documents and Settings\Shearon\Application Data\orytogul._dl
    [2008/10/19 20:23:48 | 000,013,402 | ---- | C] () -- C:\Program Files\Common Files\icer.exe
    [2008/10/19 20:23:47 | 000,019,347 | ---- | C] () -- C:\Program Files\Common Files\xuzynij.dll
    [2008/10/19 20:23:47 | 000,019,300 | ---- | C] () -- C:\Program Files\Common Files\lekeki._dl
    [2008/10/19 20:23:47 | 000,012,203 | ---- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\viqulos.pif
    [2008/10/19 20:23:47 | 000,010,565 | ---- | C] () -- C:\Documents and Settings\Shearon\Application Data\iburaled.sys
    [2008/10/19 20:23:47 | 000,010,176 | ---- | C] () -- C:\Documents and Settings\Shearon\Local Settings\Application Data\aqoqeli._dl
    [2006/01/22 14:41:01 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\FEC64B8B21.sys
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\WINDOWS\system32\userinit.exe,"
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.
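A defender's companion to the fix above, added here as an example and not part of broni's post or of the OTL tool: a small Python script that parses listing lines in the format OTL prints (the sample lines are constructed for the example, modelled on the ones in the fix script) and flags the pattern that stands out there, zero-byte executables with purely numeric names in System32 appearing at a steady interval, and that checks a Winlogon Userinit value against the stock `C:\WINDOWS\system32\userinit.exe,`. The Userinit value matters because Windows runs every program listed there at logon; when an entry names a file that no longer exists (for instance one a scanner has already removed), nothing starts the shell and the session ends as soon as it begins, which is consistent with the bounce back to the welcome screen described earlier in the thread. The function names and the placeholder path C:\CONSTRUCTED\sample.exe are the example's own.

```python
import re
import statistics
from datetime import datetime

# One OTL listing line looks like (format taken from the fix script above):
# [2010/05/01 14:14:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[MC])\] "
    r"\(\) -- (?P<path>.+)$"
)

# Constructed sample input modelled on the listing in the fix script; it is
# not the thread's real log, just enough lines to exercise each check.
SAMPLE_OTL = r"""
[2010/05/01 14:14:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
[2010/05/01 13:54:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
[2010/05/01 13:34:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
[2010/05/01 13:14:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
[2010/04/29 19:39:00 | 000,038,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2006/01/22 14:41:01 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\FEC64B8B21.sys
"""

NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)

# Stock Winlogon Userinit on XP is "C:\WINDOWS\system32\userinit.exe," (note the
# trailing comma); compared case-insensitively after splitting on commas.
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe"}


def parse_otl(text):
    """Turn OTL listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return entries


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def suspicious_files(entries):
    """Return (path, reason) pairs worth a closer look, in listing order."""
    findings = []
    for e in entries:
        in_system32 = "\\system32\\" in e["path"].lower()
        if in_system32 and NUMERIC_EXE.match(_basename(e["path"])) and e["size"] == 0:
            findings.append((e["path"], "zero-byte numerically named exe in System32"))
        elif in_system32 and "H" in e["attrs"] and "S" in e["attrs"]:
            # Hidden+System is how a dropper hides files, but some licence
            # managers use it too, so this is a review item, not a verdict.
            findings.append((e["path"], "hidden+system file in System32 (review)"))
    return findings


def creation_cadence_minutes(entries):
    """Median gap, in minutes, between the numeric-named exes' timestamps.
    A steady gap points to a single process dropping a file on a timer."""
    times = sorted(e["ts"] for e in entries if NUMERIC_EXE.match(_basename(e["path"])))
    if len(times) < 2:
        return None
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
    return statistics.median(gaps)


def check_userinit(value):
    """Split a Winlogon Userinit value and report anything beyond the stock entry.
    Windows runs every listed program at logon; a listed file that is missing
    means nothing starts the shell and the session ends immediately."""
    parts = [p.strip().strip('"').lower() for p in value.split(",")]
    parts = [p for p in parts if p]
    return {
        "stock_present": any(p in EXPECTED_USERINIT for p in parts),
        "extras": [p for p in parts if p not in EXPECTED_USERINIT],
    }


if __name__ == "__main__":
    entries = parse_otl(SAMPLE_OTL)
    for path, reason in suspicious_files(entries):
        print(f"{reason}: {path}")
    print("median gap between numeric exes (minutes):", creation_cadence_minutes(entries))
    # C:\CONSTRUCTED\sample.exe is a placeholder, not a path from the thread.
    print(check_userinit(r"C:\WINDOWS\system32\userinit.exe,"))
    print(check_userinit(r"C:\WINDOWS\system32\userinit.exe,C:\CONSTRUCTED\sample.exe"))
```

The cadence check is the part a log alone does not make obvious: on the sample lines the numeric executables land roughly twenty minutes apart, the signature of one resident process writing a new file on a timer rather than of many separate infections, so removing the files without removing the process would only reset the clock.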
     
  8. 2010/05/11
    BillB (Thread Starter)
    Normal reboot into Windows was successful; it is now sitting at the desktop. Here is the fix log.

    ========== OTL ==========
    91.212.127.227 osawarepro2009.microsoft.com removed from HOSTS file successfully
    91.212.127.227 osawarepro2009.com removed from HOSTS file successfully
    Registry value HKEY_USERS\Shearon_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
    Registry value HKEY_USERS\Shearon_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_USERS\Shearon_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
    File Protocol\Handler\ipp - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
    File Protocol\Handler\msdaipp - No CLSID value found not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit deleted successfully.
    C:\WINDOWS\system32\26962.exe moved successfully.
    C:\WINDOWS\system32\29358.exe moved successfully.
    C:\WINDOWS\system32\11478.exe moved successfully.
    C:\WINDOWS\system32\15724.exe moved successfully.
    C:\WINDOWS\system32\19169.exe moved successfully.
    C:\WINDOWS\system32\26500.exe moved successfully.
    C:\WINDOWS\system32\6334.exe moved successfully.
    C:\WINDOWS\system32\18467.exe moved successfully.
    C:\Documents and Settings\Shearon\Local Settings\Application Data\b08620CF7A25y moved successfully.
    C:\Documents and Settings\Shearon\Local Settings\Application Data\3962242619 moved successfully.
    C:\WINDOWS\system32\16541.exe moved successfully.
    C:\WINDOWS\system32\22929.exe moved successfully.
    C:\WINDOWS\system32\2082.exe moved successfully.
    C:\WINDOWS\system32\16118.exe moved successfully.
    C:\WINDOWS\system32\21538.exe moved successfully.
    C:\WINDOWS\system32\5537.exe moved successfully.
    C:\WINDOWS\system32\11323.exe moved successfully.
    C:\WINDOWS\system32\24626.exe moved successfully.
    C:\WINDOWS\system32\32439.exe moved successfully.
    C:\WINDOWS\system32\16944.exe moved successfully.
    C:\WINDOWS\system32\26308.exe moved successfully.
    C:\WINDOWS\system32\13931.exe moved successfully.
    C:\WINDOWS\system32\7376.exe moved successfully.
    C:\WINDOWS\system32\4966.exe moved successfully.
    C:\WINDOWS\system32\11840.exe moved successfully.
    C:\WINDOWS\system32\18756.exe moved successfully.
    C:\WINDOWS\system32\19954.exe moved successfully.
    C:\WINDOWS\system32\24084.exe moved successfully.
    C:\WINDOWS\system32\12623.exe moved successfully.
    C:\WINDOWS\system32\19629.exe moved successfully.
    C:\WINDOWS\system32\3548.exe moved successfully.
    C:\WINDOWS\system32\24393.exe moved successfully.
    C:\WINDOWS\system32\31101.exe moved successfully.
    C:\WINDOWS\system32\15006.exe moved successfully.
    C:\WINDOWS\system32\15350.exe moved successfully.
    C:\WINDOWS\system32\24370.exe moved successfully.
    C:\WINDOWS\system32\6729.exe moved successfully.
    C:\WINDOWS\system32\15890.exe moved successfully.
    C:\WINDOWS\system32\23805.exe moved successfully.
    C:\WINDOWS\system32\27446.exe moved successfully.
    C:\WINDOWS\system32\22648.exe moved successfully.
    C:\WINDOWS\system32\19264.exe moved successfully.
    C:\WINDOWS\system32\8942.exe moved successfully.
    C:\WINDOWS\system32\9040.exe moved successfully.
    C:\WINDOWS\system32\30106.exe moved successfully.
    C:\WINDOWS\system32\288.exe moved successfully.
    C:\WINDOWS\system32\1842.exe moved successfully.
    C:\WINDOWS\system32\22190.exe moved successfully.
    C:\WINDOWS\system32\3035.exe moved successfully.
    C:\WINDOWS\system32\12316.exe moved successfully.
    C:\WINDOWS\system32\778.exe moved successfully.
    C:\WINDOWS\system32\27529.exe moved successfully.
    C:\WINDOWS\system32\9741.exe moved successfully.
    C:\WINDOWS\system32\8723.exe moved successfully.
    C:\WINDOWS\system32\12859.exe moved successfully.
    C:\WINDOWS\system32\20037.exe moved successfully.
    C:\WINDOWS\system32\32757.exe moved successfully.
    C:\WINDOWS\system32\32662.exe moved successfully.
    C:\WINDOWS\system32\27644.exe moved successfully.
    C:\WINDOWS\system32\25547.exe moved successfully.
    C:\WINDOWS\system32\6868.exe moved successfully.
    C:\WINDOWS\system32\28253.exe moved successfully.
    C:\WINDOWS\system32\7711.exe moved successfully.
    C:\WINDOWS\system32\15141.exe moved successfully.
    C:\WINDOWS\system32\4664.exe moved successfully.
    C:\WINDOWS\system32\17673.exe moved successfully.
    C:\WINDOWS\system32\30333.exe moved successfully.
    C:\WINDOWS\system32\31322.exe moved successfully.
    C:\WINDOWS\system32\23811.exe moved successfully.
    C:\WINDOWS\system32\28703.exe moved successfully.
    C:\WINDOWS\system32\9894.exe moved successfully.
    C:\WINDOWS\system32\17035.exe moved successfully.
    C:\WINDOWS\system32\26299.exe moved successfully.
    C:\WINDOWS\system32\25667.exe moved successfully.
    C:\WINDOWS\system32\19912.exe moved successfully.
    C:\WINDOWS\system32\1869.exe moved successfully.
    C:\WINDOWS\system32\11538.exe moved successfully.
    C:\WINDOWS\system32\14771.exe moved successfully.
    C:\WINDOWS\system32\21726.exe moved successfully.
    C:\WINDOWS\system32\5447.exe moved successfully.
    C:\WINDOWS\system32\19895.exe moved successfully.
    C:\WINDOWS\system32\19718.exe moved successfully.
    C:\WINDOWS\system32\18716.exe moved successfully.
    C:\WINDOWS\system32\17421.exe moved successfully.
    C:\WINDOWS\system32\12382.exe moved successfully.
    C:\WINDOWS\system32\292.exe moved successfully.
    C:\WINDOWS\system32\153.exe moved successfully.
    C:\WINDOWS\system32\3902.exe moved successfully.
    C:\WINDOWS\system32\14604.exe moved successfully.
    C:\WINDOWS\system32\32391.exe moved successfully.
    C:\WINDOWS\system32\5436.exe moved successfully.
    C:\WINDOWS\system32\4827.exe moved successfully.
    C:\WINDOWS\system32\11942.exe moved successfully.
    C:\WINDOWS\system32\2995.exe moved successfully.
    C:\WINDOWS\system32\491.exe moved successfully.
    C:\WINDOWS\system32\9961.exe moved successfully.
    C:\WINDOWS\system32\16827.exe moved successfully.
    C:\WINDOWS\system32\23281.exe moved successfully.
    C:\WINDOWS\system32\28145.exe moved successfully.
    C:\WINDOWS\system32\5705.exe moved successfully.
    C:\WINDOWS\system32\24464.exe moved successfully.
    C:\Documents and Settings\Shearon\Local Settings\Application Data\1LKwMuQ moved successfully.
    C:\Documents and Settings\Shearon\Local Settings\Application Data\i202 moved successfully.
    C:\Documents and Settings\Shearon\Local Settings\Application Data\4268715663 moved successfully.
    C:\Documents and Settings\Shearon\Local Settings\Application Data\R4AlO7HdsW5 moved successfully.
    C:\Documents and Settings\Shearon\Application Data\orytogul._dl moved successfully.
    C:\Program Files\Common Files\icer.exe moved successfully.
    C:\Program Files\Common Files\xuzynij.dll moved successfully.
    C:\Program Files\Common Files\lekeki._dl moved successfully.
    C:\Documents and Settings\Shearon\Local Settings\Application Data\viqulos.pif moved successfully.
    C:\Documents and Settings\Shearon\Application Data\iburaled.sys moved successfully.
    C:\Documents and Settings\Shearon\Local Settings\Application Data\aqoqeli._dl moved successfully.
    C:\WINDOWS\system32\FEC64B8B21.sys moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\\"Userinit"|"C:\WINDOWS\system32\userinit.exe," /E : value set successfully!
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 69226029 bytes
    ->Flash cache emptied: 18147 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 81090802 bytes
    ->Flash cache emptied: 29608 bytes

    User: Owner

    User: Shearon
    ->Temp folder emptied: 2326638212 bytes
    ->Temporary Internet Files folder emptied: 474080163 bytes
    ->Java cache emptied: 106475114 bytes
    ->Flash cache emptied: 2536358 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 3624465 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 131344919 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23951432 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 39683 bytes

    Total Files Cleaned = 3,070.00 mb


    OTLPE by OldTimer - Version 3.1.38.0 log created on 05112010_191015
     
  9. 2010/05/11
    broni (Moderator, Malware Analyst)
    Excellent news :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install the Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!


    Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4.
    Install and run it.
    Post the HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista or 7, right-click on HijackThis and click Run as Administrator.
     
  10. 2010/05/11
    BillB (Thread Starter)
    Broni,

    While running Combofix, it said it had discovered rootkit activity and requested a reboot to fix it. When the machine rebooted, Combofix started running again before the desktop loaded. Apparently Trend Micro Internet Security had already started running; Combofix appears to have stalled, and there is a pop-up from Trend Micro about blocking regt.cf.exe. The last message in the Combofix box is "deleting folder C:\temp\17o7". I cannot get rid of the Trend Micro message either. What should I do now?
     
  11. 2010/05/11
    BillB (Thread Starter)
    OK, here are the logs. I'm not sure if Combofix worked properly or not; Trend Micro seemed to interfere with it a lot. It finally issued prompts for me to allow Combofix to complete.

    ComboFix 10-05-10.05 - Shearon 05/11/2010 18:58:50.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.715 [GMT -4:00]
    Running from: c:\documents and settings\Shearon\Desktop\ComboFix.exe
    AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\thesearchaccelerator
    c:\program files\thesearchaccelerator\INSTALL.LOG
    c:\program files\thesearchaccelerator\TBlogin.users.ucmore.com.4.5.40.0
    c:\temp\17o7
    c:\temp\17o7\tmpTF.log
    c:\windows\huxyb.scr
    c:\windows\nvDrv.sy

    Infected copy of c:\windows\system32\drivers\disk.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
    .

    2010-05-11 23:10 . 2010-05-11 23:10 -------- d-----w- C:\_OTL
    2010-05-10 16:01 . 2010-05-10 16:01 -------- d-----w- c:\documents and settings\Shearon\Application Data\Malwarebytes
    2010-05-10 16:00 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-10 16:00 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-02 18:00 . 2010-05-02 18:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-04-19 21:56 . 2010-04-19 21:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-04-19 16:04 . 2010-04-30 21:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-19 16:04 . 2010-04-26 22:20 992 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-17 12:59 . 2010-04-17 12:59 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-16 20:02 . 2010-04-16 20:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-04-16 20:01 . 2010-04-17 21:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-12 01:14 . 2010-04-12 01:14 -------- d-----w- C:\spoolerlogs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-11 23:31 . 2009-12-25 10:37 -------- d-----w- c:\documents and settings\Shearon\Application Data\WTablet
    2010-05-11 20:25 . 2008-07-18 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-05-01 20:21 . 2006-01-14 18:31 43190 ----a-w- c:\documents and settings\Shearon\Application Data\wklnhst.dat
    2010-04-18 09:51 . 2006-01-11 15:59 -------- d-----w- c:\program files\Google
    2010-03-28 19:08 . 2006-05-25 23:56 -------- d-----w- c:\program files\Verizon
    2010-03-28 19:08 . 2006-01-21 18:47 -------- d-----w- c:\program files\Common Files\Motive
    2010-03-24 17:41 . 2006-01-14 19:33 64448 ----a-w- c:\documents and settings\Shearon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-10 06:15 . 2004-08-10 18:51 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2006-01-11 15:20 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-17 13:10 . 2004-08-10 18:51 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-04 04:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2004-08-10 18:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-10 18:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2006-07-04 13:13 . 2006-01-22 18:41 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE" [2006-05-16 57344]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-11 26112]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
    "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-20 30192]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-08-12 1398024]

    c:\documents and settings\Shearon\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-8-13 344064]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [12/25/2009 6:36 AM 2749224]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [6/4/2009 10:57 AM 50192]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [6/4/2009 10:47 AM 36368]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [6/4/2009 10:47 AM 335376]
    R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~2\TmPfw.exe [6/4/2009 10:57 AM 488768]
    R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [6/4/2009 10:57 AM 648456]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 6:33 PM 135664]
    S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/11/2006 11:59 AM 30192]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/25/2009 6:36 AM 15656]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 21:20]

    2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 22:33]

    2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 22:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://netservices.verizon.net/portal/link/main/vzcentral
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    Trusted Zone: musicmatch.com\online
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Motive SmartBridge - c:\progra~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    HKLM-Run-Verizon_McciTrayApp - c:\program files\Verizon\McciTrayApp.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-11 19:32
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2128)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.EXE
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    c:\windows\system32\WTablet\Wacom_TabletUser.exe
    c:\program files\Trend Micro\BM\TMBMSRV.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Java\jre1.6.0_02\bin\jucheck.exe
    c:\windows\system32\wscript.exe
    c:\program files\Trend Micro\Internet Security\UfUpdUi.exe
    c:\program files\Trend Micro\Internet Security\SfFnUp.exe
    .
    **************************************************************************
    .
    Completion time: 2010-05-11 19:41:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-11 23:41

    Pre-Run: 26,269,560,832 bytes free
    Post-Run: 26,133,307,392 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - DFF1B29F073524ADF2D4107BA8B4B193


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:44:20 PM, on 5/11/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/link/main/vzcentral
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [OM_Monitor] C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155654076671
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

    --
    End of file - 12002 bytes
     
  12. 2010/05/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks like Combofix worked just fine :)


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    
    Driver::
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=-
     "FirewallOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
     "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
     "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"=dword:00000001
     "DisableNotifications"=dword:00000000
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
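    For anyone following along and wanting to verify the fix rather than just trust the next log: the CFScript above deletes the Security Center override values (AntiVirusOverride, FirewallOverride, DisableMonitoring), which exist to suppress Security Center's "your antivirus/firewall is off" warnings, and it turns the XP firewall policy back on. The read-only audit below is an added example for this thread, not broni's script and not part of ComboFix or Malwarebytes. It assumes PowerShell is present (2.0 runs on XP SP3) and that ComboFix's HKLM\~\services shorthand stands for HKLM\SYSTEM\CurrentControlSet\Services. Run it from an elevated prompt after the reboot; any row marked DEVIATES is a value the script should have cleared or set.

```powershell
# Added example for this thread (not ComboFix's or broni's code): read-only audit
# of the registry values that the CFScript above deletes or sets.
# Assumption: "HKLM\~\services" in ComboFix notation means
# HKLM\SYSTEM\CurrentControlSet\Services. Run from an elevated PowerShell prompt.

$SecCenter  = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$StdProfile = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'

# Expect = $null: the CFScript deletes the value ("=-"), so it should be absent.
# A value of 0 is treated as equivalent, since both mean "no override".
# Any other Expect must match the stored DWORD exactly.
$Checks = @(
    @{ Path = $SecCenter;                             Name = 'AntiVirusOverride';    Expect = $null },
    @{ Path = $SecCenter;                             Name = 'FirewallOverride';     Expect = $null },
    @{ Path = "$SecCenter\Monitoring\TrendAntiVirus"; Name = 'DisableMonitoring';    Expect = $null },
    @{ Path = "$SecCenter\Monitoring\TrendFirewall";  Name = 'DisableMonitoring';    Expect = $null },
    @{ Path = $StdProfile;                            Name = 'EnableFirewall';       Expect = 1 },
    @{ Path = $StdProfile;                            Name = 'DisableNotifications'; Expect = 0 }
)

# Returns the value's data, or $null when the key or the value does not exist.
function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Compares every check against the registry and emits one result object per value.
function Test-SecurityCenterState {
    param([object[]]$Checks)
    foreach ($c in $Checks) {
        $actual = Get-RegValueOrNull -Path $c.Path -Name $c.Name

        if ($null -eq $c.Expect) {
            $ok = ($null -eq $actual) -or ($actual -eq 0)
        } else {
            $ok = ($actual -eq $c.Expect)
        }

        $expectedText = '<absent or 0>'
        if ($null -ne $c.Expect) { $expectedText = $c.Expect }
        $actualText = '<absent>'
        if ($null -ne $actual) { $actualText = $actual }
        $status = 'DEVIATES'
        if ($ok) { $status = 'OK' }

        New-Object PSObject -Property @{
            Status   = $status
            Value    = $c.Name
            Expected = $expectedText
            Actual   = $actualText
            Key      = $c.Path
        }
    }
}

Test-SecurityCenterState -Checks $Checks | Format-Table Status, Value, Expected, Actual, Key -AutoSize
```

    The script only reads the registry, so it is safe to run before and after the CFScript to see exactly what changed; it does not replace the logs broni asks for.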
     
  13. 2010/05/11
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    I'm glad that it worked; the way it looked, I wasn't sure. Here is the new log.

    ComboFix 10-05-10.05 - Shearon 05/11/2010 21:24:49.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.627 [GMT -4:00]
    Running from: c:\documents and settings\Shearon\Desktop\ComboFix.exe
    Command switches used :: E:\CFScript.txt
    AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
    .

    ((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
    .

    2010-05-11 23:10 . 2010-05-11 23:10 -------- d-----w- C:\_OTL
    2010-05-10 16:01 . 2010-05-10 16:01 -------- d-----w- c:\documents and settings\Shearon\Application Data\Malwarebytes
    2010-05-10 16:00 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-10 16:00 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-10 16:00 . 2010-05-10 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-02 18:00 . 2010-05-02 18:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-04-19 21:56 . 2010-04-19 21:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-04-19 16:04 . 2010-04-30 21:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-19 16:04 . 2010-04-26 22:20 992 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-17 12:59 . 2010-04-17 12:59 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-16 20:02 . 2010-04-16 20:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-04-16 20:01 . 2010-04-17 21:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-11 23:54 . 2009-12-25 10:37 -------- d-----w- c:\documents and settings\Shearon\Application Data\WTablet
    2010-05-11 23:43 . 2010-05-11 23:43 388096 ----a-r- c:\documents and settings\Shearon\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-05-11 23:43 . 2006-01-11 15:54 -------- d-----w- c:\program files\Trend Micro
    2010-05-11 20:25 . 2008-07-18 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-05-01 20:21 . 2006-01-14 18:31 43190 ----a-w- c:\documents and settings\Shearon\Application Data\wklnhst.dat
    2010-04-18 09:51 . 2006-01-11 15:59 -------- d-----w- c:\program files\Google
    2010-03-28 19:08 . 2006-05-25 23:56 -------- d-----w- c:\program files\Verizon
    2010-03-28 19:08 . 2006-01-21 18:47 -------- d-----w- c:\program files\Common Files\Motive
    2010-03-24 17:41 . 2006-01-14 19:33 64448 ----a-w- c:\documents and settings\Shearon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-10 06:15 . 2004-08-10 18:51 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2006-01-11 15:20 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-17 13:10 . 2004-08-10 18:51 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-04 04:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2004-08-10 18:50 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-10 18:51 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2006-07-04 13:13 . 2006-01-22 18:41 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE" [2006-05-16 57344]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-11 26112]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
    "MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-20 30192]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-08-12 1398024]

    c:\documents and settings\Shearon\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-8-13 344064]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [12/25/2009 6:36 AM 2749224]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [6/4/2009 10:47 AM 36368]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [6/4/2009 10:47 AM 335376]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 6:33 PM 135664]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [6/4/2009 10:57 AM 50192]
    S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/11/2006 11:59 AM 30192]
    S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~2\TmPfw.exe [6/4/2009 10:57 AM 488768]
    S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [6/4/2009 10:57 AM 648456]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [12/25/2009 6:36 AM 15656]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 21:20]

    2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 22:33]

    2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 22:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://netservices.verizon.net/portal/link/main/vzcentral
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    Trusted Zone: musicmatch.com\online
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-11 21:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3840)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-05-11 21:39:13
    ComboFix-quarantined-files.txt 2010-05-12 01:39
    ComboFix2.txt 2010-05-11 23:41

    Pre-Run: 25,905,623,040 bytes free
    Post-Run: 25,921,712,128 bytes free

    - - End Of File - - E545861ABBABFA3BF0CE8F6E1A2B68C0
     
  14. 2010/05/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good. It looks decent :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =============================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2.
    Post fresh HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. 2010/05/11
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4091

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/11/2010 10:48:16 PM
    mbam-log-2010-05-11 (22-48-16).txt

    Scan type: Quick scan
    Objects scanned: 128457
    Time elapsed: 11 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:50:15 PM, on 5/11/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Motive\McciCMService.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netservices.verizon.net/portal/link/main/vzcentral
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll
    O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [OM_Monitor] C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155654076671
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
    O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

    --
    End of file - 11910 bytes
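    A small triage helper for logs in the HijackThis format shown above, added here as an example and not code from the thread or from HijackThis. It groups lines by section code (R1, O2, O4, O23 ...) and flags the entries an analyst checks first: autostarts running from a temp or profile folder, core Windows binary names outside System32, and services with no vendor string (like the "Unknown owner" service in the log). The sample lines are constructed in the log's layout; the "updater" entry is illustrative and not from the posted log.

```python
"""Triage helper for HijackThis log lines: group entries by section and flag
the ones an analyst checks first.

Added example, not code from the thread or from HijackThis. The sample lines
are constructed in the log's format; the "updater" entry is an illustrative
autostart, not something from the posted log.
"""
import re
from collections import Counter

LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Core Windows binary names that should only ever run from System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

def executable_path(cmd: str) -> str:
    """Pull the program path out of a Run value, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].strip() if end > 0 else cmd[1:].strip()
    m = re.match(r"(?i)(.+?\.exe)(\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]

def parse_hjt(text: str) -> list:
    """Return one dict per log line with its section code and parsed fields."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = {"code": m["code"], "body": m["body"]}
        if m["code"] == "O4" and (r := RUN_RE.match(m["body"])):
            entry.update(r.groupdict())
            entry["path"] = executable_path(r["cmd"])
        elif m["code"] == "O23" and (s := SVC_RE.match(m["body"])):
            entry.update(s.groupdict())
        entries.append(entry)
    return entries

def triage(entries: list) -> list:
    """Return (name, reason) pairs for entries that deserve a closer look."""
    flagged = []
    for e in entries:
        if e["code"] == "O4" and "path" in e:
            low = e["path"].lower()
            base = low.rsplit("\\", 1)[-1]
            if "\\local settings\\temp\\" in low or "\\application data\\" in low:
                flagged.append((e["name"], "autostart from a temp/profile folder"))
            if base in SYSTEM_NAMES and not low.startswith("c:\\windows\\system32\\"):
                flagged.append((e["name"], "system binary name outside System32"))
        elif e["code"] == "O23" and e.get("owner") == "Unknown owner":
            flagged.append((e["name"], "service with no vendor string; verify the file"))
    return flagged

def section_counts(entries: list) -> Counter:
    """How many lines each HijackThis section contributed."""
    return Counter(e["code"] for e in entries)

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for name, reason in triage(parsed):
        print(f"{name}: {reason}")
```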
     
  16. 2010/05/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to the Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  17. 2010/05/12
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Here are the results of the Kaspersky scan.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, May 12, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, May 12, 2010 11:29:13
    Records in database: 4098979
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Objects scanned: 102282
    Threats found: 6
    Infected objects found: 10
    Suspicious objects found: 0
    Scan duration: 03:55:56


    File name / Threat / Threats count
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\brastk.exe.bac_a03248 Infected: Trojan-Downloader.Win32.FraudLoad.vkmz 1
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\brastk.exe.bac_a04000 Infected: Trojan-Downloader.Win32.FraudLoad.vkmz 1
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\Install-Errorprotector-Free.exe.bac_a03248 Infected: not-a-virus:Downloader.Win32.WinFixer.ar 1
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\uf40.exe.bac_a03248 Infected: not-a-virus:AdWare.Win32.Agent.co 1
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\5E.tmp Infected: Rootkit.Win32.TDSS.pio 1
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1495\A0119351.exe Infected: Trojan-Downloader.Win32.FraudLoad.xbjp 1
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1495\A0119366.exe Infected: Trojan-Downloader.Win32.FraudLoad.xbjp 1
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1495\A0120366.exe Infected: Trojan-Downloader.Win32.FraudLoad.xbjp 1
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1495\A0120370.exe Infected: Trojan-Downloader.Win32.FraudLoad.xbjp 1

    Selected area has been scanned.
     
  18. 2010/05/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download OTM

    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\brastk.exe.bac_a03248 
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\brastk.exe.bac_a04000 
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\Install-Errorprotector-Free.exe.bac_a03248 
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\uf40.exe.bac_a03248 
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz 
    C:\Program Files\Trend Micro\Internet Security\Quarantine\5E.tmp
          
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
    
    • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
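    The OTM script above moves the Kaspersky hits that sit in quarantine folders or normal file locations and leaves the four copies inside System Volume Information alone (those live in a System Restore point and are flushed later by turning System Restore off and on). The following added example, not code from the thread, Kaspersky or OTM, parses report lines in the same "path Infected: threat count" layout as the posted report, sorts each finding by where the file lives, and drafts the :Files block accordingly; the user name, GUID and file names in the sample are placeholders.

```python
"""Sort Kaspersky Online Scanner findings by where the file lives and draft
the :Files block of an OTM script for those that actually need moving.

Added example, not code from the thread, Kaspersky or OTM. Report lines are
constructed in the 'path Infected: threat count' layout of the posted report;
user name, GUID and file names are placeholders.
"""
import re
from dataclasses import dataclass

FINDING_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")

SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\User\.housecall6.6\Quarantine\sample.exe.bac_a00001 Infected: Trojan-Downloader.Win32.FraudLoad.vkmz 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\5E.tmp Infected: Rootkit.Win32.TDSS.pio 1
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Infected: Trojan-Downloader.Win32.FraudLoad.xbjp 1
C:\Program Files\Example\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
"""

@dataclass
class Finding:
    path: str
    threat: str
    count: int

    @property
    def is_pua(self) -> bool:
        # Kaspersky marks adware/riskware verdicts with a "not-a-virus:" prefix.
        return self.threat.startswith("not-a-virus:")

def parse_report(text: str) -> list:
    """Return a Finding per detection line; header and blank lines are skipped."""
    out = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            out.append(Finding(m["path"], m["threat"], int(m["count"])))
    return out

def classify(path: str) -> str:
    """Where the detected file lives decides how it is dealt with."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"  # inside a System Restore point: purged by toggling System Restore
    if "\\quarantine\\" in p:
        return "quarantine"     # inert copy kept by another scanner's quarantine
    return "live"               # ordinary on-disk file

def otm_files_section(findings: list) -> str:
    """Draft the :Files block for OTM with quarantine and live items only;
    restore-point copies are left for the System Restore off/on step."""
    lines = [":Files"]
    lines += [f.path for f in findings if classify(f.path) != "restore_point"]
    return "\n".join(lines)

def summary(findings: list) -> dict:
    """Count findings per location class, e.g. {'quarantine': 2, 'live': 1}."""
    counts = {}
    for f in findings:
        counts[classify(f.path)] = counts.get(classify(f.path), 0) + 1
    return counts

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summary(found))
    print(otm_files_section(found))
```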
     
  19. 2010/05/12
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Here's the OTM log.

    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\brastk.exe.bac_a03248 moved successfully.
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\brastk.exe.bac_a04000 moved successfully.
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\Install-Errorprotector-Free.exe.bac_a03248 moved successfully.
    C:\Documents and Settings\Shearon\.housecall6.6\Quarantine\uf40.exe.bac_a03248 moved successfully.
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz moved successfully.
    C:\Program Files\Trend Micro\Internet Security\Quarantine\5E.tmp moved successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner

    User: Shearon
    ->Temp folder emptied: 133549085 bytes
    ->Temporary Internet Files folder emptied: 3293586 bytes
    ->Java cache emptied: 130222 bytes
    ->Flash cache emptied: 705 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 571 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 131.00 mb


    OTM by OldTimer - Version 3.1.12.0 log created on 05122010_223306

    Files moved on Reboot...
    File C:\Documents and Settings\Shearon\Local Settings\Temp\~DF3D6.tmp not found!
    File C:\Documents and Settings\Shearon\Local Settings\Temp\~DF3E9.tmp not found!
    File C:\Documents and Settings\Shearon\Local Settings\Temp\~DF515.tmp not found!
    File C:\Documents and Settings\Shearon\Local Settings\Temp\~DF528.tmp not found!
    File C:\Documents and Settings\Shearon\Local Settings\Temp\~DF674.tmp not found!
    File C:\Documents and Settings\Shearon\Local Settings\Temp\~DF687.tmp not found!
    C:\Documents and Settings\Shearon\Local Settings\Temporary Internet Files\Content.IE5\69DIUW3T\92900-active-need-help-xp-antivirus-infection-2[1].html moved successfully.

    Registry entries deleted on Reboot...
     
  20. 2010/05/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download OTC to your desktop. It'll remove most tools and logs we used so far. If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    • Double-click OTC.exe to run it. (Vista and 7 users, please right click on OTC and select "Run as an Administrator")
    • Click on the CleanUp! button and follow the prompts.
    • You will be asked to reboot the machine to finish the Cleanup process, choose Yes. If it doesn't ask you to reboot, restart computer manually.
    • After the reboot all the tools we used should be gone.
    • The tool will delete itself once it finishes.

    ================================================================

    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista).

    ==================================================================

    When done...


    Your computer is clean :)

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side.
    4. Click on Continue on the "User Account Control" window that pops up.
    5. Under the System Protection tab, find Available Disks.
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK.

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  21. 2010/05/13
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Broni,

    I performed the cleanup, turned off/on system restore, installed WOT, updated Java, and ran a defrag. The computer is doing much better now. All the pop-ups are gone, no nasty XP antivirus warnings and boot up is much faster. Looks like it is ready for prime time again.

    I'm really glad you were able to get around the fact that I couldn't get to the desktop. I figured a boot disc of some kind would be needed but wasn't sure what to use.

    Thanks very much for the help with this. I'm sure they're going to appreciate the fact that a system restore wasn't necessary to get it working again.
     
