

[RESOLVED] Bancos IXQ and System Surveillance Pro 4.2


12 replies to this topic

#1 jdhoward

Posted 16 August 2010 - 02:42 PM

My machine:
Dell Inspiron 530, 2.33 Gb Intel Core Duo processor, 2 Gb memory
XP SP3, fully updated, was running just fine.
I was browsing a couple of forums similar to this one when I read a topic about a slow computer. The contributor suggested that, to determine what processes were running, I go to PC Pitstop and download PC Matic for a free scan. I ran the program and there were no revelations EXCEPT that it stated I was infected with Bancos IXQ and System Surveillance Pro 4.2, which they would repair for me for $30.00 or so.
I figured this was just a scam.
I have Avast, Comodo Firewall, and paid versions of MBAM and SAS running full time.
I ran scans with all of these: MBAM came up clean, as did Avast; SAS found a tracking cookie. I also ran Online F-Secure 4.2, which found a tracking cookie.

Yesterday someone used my credit card!

I decided going through your malware removal checklist could do no harm.
When I got to GMER I downloaded and ran the scan. It appeared the scan was completed in about 30 minutes, but my computer froze. I left it for about an hour, then powered down. I restarted in safe mode and tried again, but GMER refused to open; finally I got an error message that a device was not connected (it didn't say which).
I finally got GMER to run in safe mode.
So do I have a problem? Besides not leaving a good computer alone.

The logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4435

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/16/2010 8:34:30 AM
mbam-log-2010-08-16 (08-34-30).txt

Scan type: Quick scan
Objects scanned: 129367
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL Extras logfile created on: 8/11/2010 4:29:33 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop\Downloaded
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 6200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 413.23 Gb Free Space | 88.72% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 130.91 Gb Free Space | 56.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JDXP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- File not found
"C:\Documents and Settings\Owner\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Documents and Settings\Owner\Local Settings\Temp\hp_webrelease_\setup\HPZnet01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\hp_webrelease_\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Documents and Settings\Owner\Local Settings\Temp\hp_webrelease__\setup\HPZnet01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\hp_webrelease__\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0CDD5599-836A-4650-8BE7-F33D8D915A0D}" = dj6980
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2F0200C6-9ACB-49F3-BC33-5BE9AA682D9F}" = MapSend Lite
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3D10E608-A4A3-40AD-B91C-6D963BBD91D5}" = LP6980_Help
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4915A273-16A5-42E7-B258-65BD92862D2E}_is1" = Genie Backup Manager Pro 8.0
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{503869DA-B32E-4606-A54B-B5CC3FFC3F62}" = Virtual Weather Station
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{62C71C1B-E0FB-11D4-9DB7-00B0D02AE94A}" = Personal Ancestral File 5 Lessons
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}" = Personal Ancestral File Companion 5.4
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"{9ED71778-0E56-4760-9FC6-2C29D75100C5}" = Radioshack USB-to-Serial Cable Driver Installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB995BB2-4D75-4D6A-A164-E986CCD6C682}" = Targus USB Adapter
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CD4215A0-AAF4-11D5-8879-0800460222F0}" = Virtual Weather Station
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E0E1EFC2-FE99-11D3-99C7-0040F6982C20}" = PaperPort Printer Driver
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EDABA4A8-8B7E-488A-A85C-17406C1C62CA}" = LP6980Trb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F979ACC9-A874-457A-9BE1-7FD2085F126F}" = MapSend DirectRoute North America
"2006 Easton Shaft Selector" = 2006 Easton Shaft Selector
"3169437" = 3169437 Screen Saver
"3D World Map" = 3D World Map 2.1
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PhotoDeluxe Home Edition 4.0" = Adobe PhotoDeluxe Home Edition 4.0
"All ATI Software" = ATI - Software Uninstall Utility
"avast5" = avast! Free Antivirus
"Avery Wizard 2.1 MSW10" = Avery® Wizard 2.1 for Microsoft® Word 2002
"Belarc Advisor" = Belarc Advisor 8.1
"CDML Personal Calculator" = CDML Personal Calculator
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"EasyGPS_is1" = EasyGPS
"Encore LaunchPad_is1" = Encore LaunchPad 6.7.25.300
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"felinefright_3169436" = felinefright_3169436 Screen Saver
"fishMaus99" = fishMaus Screen Saver
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"GenSmarts_is1" = GenSmarts
"Golden" = Golden Records Vinyl to CD Converter
"GSAK" = GSAK 6.6.4 Build 20 (Final)
"hiddentreasure_3262482" = hiddentreasure_3262482 Screen Saver
"Hoyle Backgammon_is1" = Hoyle Backgammon
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{97AE00A8-1336-410F-B467-1C6623127BD6}" = DesignPro 5.0 Limited Edition
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"Karen's Cookie Viewer" = Karen's Cookie Viewer
"Kazoo Player" = Kazoo Player
"Kyodai Mahjongg_is1" = Kyodai Mahjongg
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mancala 2000" = Mancala 2000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVP Mancala Deluxe" = MVP Mancala Deluxe
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PaperPort 7.0" = PaperPort 7.0
"Password Corral v4.0_is1" = Password Corral v4.0
"PhoneTray" = PhoneTray Free
"PPTView97" = Microsoft PowerPoint Viewer 97
"Revo Uninstaller" = Revo Uninstaller 1.89
"serenity_3262480" = serenity_3262480 Screen Saver
"Sid Meier's Antietam Demo" = Sid Meier's Antietam Demo
"SK_USBMillenniumKeyboard" = USB Millennium Keyboard
"Speccy" = Speccy
"SpywareBlaster_is1" = SpywareBlaster 4.3
"ST6UNST #1" = Karen's Clipboard Viewer
"StartWatch" = StartWatch (remove only)
"Task Plus 3.9.9.6" = Task Plus 3.9.9.6
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 New Mexico" = TaxACT 2009 New Mexico
"The Master Genealogist (for All Users)" = The Master Genealogist (for All Users)
"TMG Utility" = TMG Utility
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.8.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2010 5:23:32 PM | Computer Name = JDXP | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 60.0.155.0, faulting module
hpqtra08.exe, version 60.0.155.0, fault address 0x0000f005.

Error - 7/30/2010 5:23:36 PM | Computer Name = JDXP | Source = Application Error | ID = 1001
Description = Fault bucket 255833388.

Error - 8/3/2010 12:33:21 PM | Computer Name = JDXP | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706.No valid source could be
found for product HPProductAssistant. The Windows Installer cannot continue.

Error - 8/3/2010 12:33:41 PM | Computer Name = JDXP | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706.No valid source could be
found for product HPProductAssistant. The Windows Installer cannot continue.

Error - 8/3/2010 12:33:44 PM | Computer Name = JDXP | Source = MsiInstaller | ID = 11706
Description = Product: HPProductAssistant -- Error 1706.No valid source could be
found for product HPProductAssistant. The Windows Installer cannot continue.

Error - 8/4/2010 8:23:12 AM | Computer Name = JDXP | Source = Application Hang | ID = 1002
Description = Hanging application i_view32.exe, version 4.2.3.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2010 8:23:20 AM | Computer Name = JDXP | Source = Application Hang | ID = 1001
Description = Fault bucket 1076564383.

Error - 8/4/2010 8:23:23 AM | Computer Name = JDXP | Source = Application Hang | ID = 1002
Description = Hanging application i_view32.exe, version 4.2.3.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/11/2010 10:29:15 AM | Computer Name = JDXP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/11/2010 10:29:15 AM | Computer Name = JDXP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 8/11/2010 5:26:03 PM | Computer Name = JDXP | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 8/11/2010 5:49:31 PM | Computer Name = JDXP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/11/2010 5:49:42 PM | Computer Name = JDXP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/11/2010 5:50:15 PM | Computer Name = JDXP | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 8/11/2010 5:50:15 PM | Computer Name = JDXP | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 8/11/2010 5:50:15 PM | Computer Name = JDXP | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 8/11/2010 5:50:15 PM | Computer Name = JDXP | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 8/11/2010 5:50:15 PM | Computer Name = JDXP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswSP aswTdi BANTExt cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
WS2IFSL

Error - 8/11/2010 5:54:34 PM | Computer Name = JDXP | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 8/11/2010 6:23:32 PM | Computer Name = JDXP | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3


< End of report >
OTL logfile created on: 8/15/2010 7:58:45 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop\Downloaded
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 6200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 411.70 Gb Free Space | 88.39% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 117.94 Gb Free Space | 50.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JDXP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/15 19:56:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Downloaded\OTL_2.exe
PRC - [2010/06/28 14:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/05/25 07:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/01 11:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/25 23:32:20 | 000,202,024 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2001/08/23 12:37:40 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 19:56:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Downloaded\OTL_2.exe
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2009/03/26 07:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2001/05/09 13:00:28 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
MOD - [2001/05/09 13:00:28 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/06/23 09:08:34 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2008/06/23 09:08:28 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2008/06/23 09:06:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/06/23 09:06:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/06/23 09:05:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 14:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 14:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 14:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/04 11:55:58 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/06/01 19:00:24 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/06/01 19:00:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/05/25 15:28:57 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/06 18:13:04 | 005,912,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/11 22:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/22 15:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 15:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/10/07 02:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 02:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2009/10/07 02:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/06/23 10:11:24 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/05/08 19:36:17 | 000,752,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/05 04:03:00 | 000,049,664 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/06/20 12:08:20 | 000,987,904 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 12:07:42 | 000,268,032 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/06/20 12:07:38 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/13 20:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2003/04/19 02:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 19:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2001/08/23 01:33:12 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 12:17:44 | 000,042,432 | ---- | M] (Digi International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.12: ""
FF - prefs.js..browser.search.order.13: "Webster"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: flvmoviesdownloader@rzll:1.40
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/16 05:53:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/27 06:26:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/17 17:02:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/05/07 06:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/07 06:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/15 10:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions
[2010/05/09 06:50:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/07 06:28:39 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010/07/07 09:59:23 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2010/07/28 16:13:11 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/07 06:28:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/05/18 06:52:57 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/05/07 06:28:39 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2010/05/07 06:28:39 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/07/27 10:53:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/11 05:46:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/30 06:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/05/07 06:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\DeviceDetection@logitech.com
[2010/05/09 06:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\flvmoviesdownloader@rzll
[2009/05/11 14:25:32 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\searchplugins\askcom.xml
[2009/05/11 14:20:32 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\searchplugins\webster.xml
[2010/08/15 10:27:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/11 12:01:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 21:06:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/07 13:39:51 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/13 16:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PhoneTray] C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe ()
O4 - HKLM..\Run: [POINTER] File not found
O4 - HKLM..\Run: [TaskPlus] C:\Program Files\TaskPlus\taskplus0.exe (Contact Plus Corporation)
O4 - HKCU..\Run: [StartWatch] C:\Program Files\SoftWx\StartWatch\StartWatch.exe (SoftWx Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/06/03 06:50:19 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to toggler.exe.lnk = C:\Program Files\Toggler\togglr10\toggler.exe (Aestas Software)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Printkey.exe (Fred's Software Company)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Virtual Weather Station.lnk = C:\vws\vws.exe (Ambient, LLC)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1273193430734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1274974253500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcp...ols/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.50.130.108 74.50.130.109
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/06 18:20:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/15 16:08:02 | 000,000,062 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/14 06:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Application Updater
[2010/08/13 18:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010/08/13 16:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Streets and Trips Essentials
[2010/08/13 16:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Location Finder
[2010/08/13 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/08/13 16:07:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2010/08/13 16:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2010/08/13 16:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works Suite 2006
[2010/08/11 21:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/11 09:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/08/10 18:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/08/10 18:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/08/09 14:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\1982
[2010/08/09 14:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Grand Canyon 2010
[2010/08/09 07:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/08/09 06:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
[2010/08/08 19:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\EOB
[2010/08/06 11:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/08/06 11:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/08/06 11:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2010/08/06 11:35:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/08/05 18:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart
[2010/08/05 15:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
[2010/07/27 18:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2010/07/17 06:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/07/09 19:30:37 | 000,000,000 | ---D | C] -- C:\My GPS
[2010/07/08 08:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Content Manager
[2010/07/07 06:30:08 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\3169437.scr
[2010/07/07 06:25:33 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\hiddentreasure_3262482.scr
[2010/07/05 11:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/07/05 11:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avery Dennison
[2010/07/05 08:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\dwhelper
[2010/07/05 08:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2010/07/04 14:25:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/04 14:22:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/04 14:22:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/04 14:22:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/01 14:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Maps
[2010/06/29 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/06/29 01:50:39 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 06:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2010/06/28 06:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\pdfforge
[2010/06/28 06:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/06/28 06:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\zpdfforge Toolbar
[2010/06/28 06:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2010/06/17 06:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\assembly
[2010/06/16 06:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Softland
[2010/06/16 06:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2010/06/16 06:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\FireTrust
[2010/06/15 15:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/06/12 18:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
[2010/06/12 18:23:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/06/12 11:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Magellan
[2010/06/12 06:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010/06/10 06:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2010/06/07 19:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Encore
[2010/06/03 14:42:11 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\serenity_3262480.scr
[2010/06/03 14:41:25 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\felinefright_3169436.scr
[2010/06/03 14:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2010/06/03 14:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Screentime
[2010/06/03 06:50:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2010/06/03 06:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/06/02 16:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HpUpdate
[2010/06/02 16:52:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/06/02 16:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Albums
[2010/06/02 16:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage
[2010/05/28 18:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
[2010/05/28 15:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Manager
[2010/05/28 15:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
[2010/05/28 15:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help
[2010/05/28 14:57:47 | 000,000,000 | ---D | C] -- C:\WESTWOOD
[2010/05/27 10:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/05/27 06:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/27 06:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/27 06:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/27 06:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/27 06:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/26 19:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Talkback
[2010/05/26 08:05:55 | 000,029,184 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\Sktempdm.exe
[2010/05/26 08:05:49 | 000,060,416 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\SKMEDIA.DLL
[2010/05/26 08:05:49 | 000,029,184 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\SK2000DM.EXE
[2010/05/26 08:05:48 | 000,138,240 | ---- | C] (Silitek Corporation) -- C:\WINDOWS\System32\MMKEYBD.EXE
[2010/05/26 08:05:48 | 000,123,904 | ---- | C] (Silitek Corporation) -- C:\WINDOWS\System32\SKUNINST.EXE
[2010/05/26 08:05:48 | 000,112,640 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\SKUTIL.DLL
[2010/05/26 08:05:48 | 000,066,048 | ---- | C] (Silitek Corporation) -- C:\WINDOWS\System32\SK9910DM.EXE
[2010/05/26 08:05:48 | 000,053,760 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\SKSETUP.DLL
[2010/05/26 08:05:48 | 000,037,888 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\SKOSD.DLL
[2010/05/26 08:05:48 | 000,013,508 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\drivers\Sk9910uf.sys
[2010/05/26 06:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\XLABELS
[2010/05/26 06:13:48 | 000,000,000 | ---D | C] -- C:\Trailer
[2010/05/25 17:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Roxio

========== Files - Modified Within 90 Days ==========

[2010/08/15 19:56:43 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/08/15 19:54:58 | 000,268,856 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/15 19:54:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/15 19:54:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/15 19:54:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/08/15 19:54:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/08/15 12:51:24 | 000,051,726 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2.gif
[2010/08/15 12:51:00 | 000,022,237 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1.gif
[2010/08/15 08:09:45 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\GBM - Weekly-Full.job
[2010/08/15 06:35:16 | 000,700,416 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\JDH.paf
[2010/08/15 06:34:42 | 000,015,596 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\NEWEXPORT.lst
[2010/08/15 06:25:12 | 000,000,862 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/15 06:25:12 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/15 06:25:12 | 000,000,261 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/08/15 05:38:24 | 000,004,972 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/08/14 08:37:24 | 017,767,750 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\14.reg
[2010/08/13 19:07:49 | 005,089,178 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/13 16:24:45 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 16:16:40 | 000,061,272 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/13 16:08:10 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/08/13 16:07:52 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/08/13 06:13:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 06:11:36 | 000,504,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 06:11:36 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 06:11:36 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 19:03:18 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My machine.doc
[2010/08/10 18:53:06 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/08/10 05:54:42 | 000,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/09 07:02:53 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/08/04 18:28:43 | 000,132,599 | ---- | M] () -- C:\WINDOWS\System32\AdobeFnt.lst
[2010/08/04 06:21:05 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 10:39:01 | 000,001,071 | ---- | M] () -- C:\WINDOWS\AWMODEM.INF
[2010/07/27 18:39:18 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/17 17:02:59 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/07/14 09:20:29 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\South Pass.est
[2010/07/10 11:19:36 | 000,000,178 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/07/07 18:40:53 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Return Address Labels.doc
[2010/07/07 06:30:08 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\3169437.scr
[2010/07/07 06:29:42 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\felinefright_3169436.scr
[2010/07/07 06:25:33 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\hiddentreasure_3262482.scr
[2010/06/29 01:50:41 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/28 14:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 14:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 14:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 14:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 14:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 14:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/22 06:01:29 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Brandi Howard.doc
[2010/06/17 09:24:15 | 000,000,211 | ---- | M] () -- C:\zBoot.bak
[2010/06/12 06:45:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/10 16:05:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\BIPORT
[2010/06/03 14:42:11 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\serenity_3262480.scr
[2010/06/03 06:42:03 | 000,105,199 | ---- | M] () -- C:\WINDOWS\HPFins09.dat
[2010/06/03 06:39:40 | 000,000,171 | ---- | M] () -- C:\WINDOWS\System32\AddPort.ini
[2010/06/03 06:39:36 | 000,000,769 | ---- | M] () -- C:\WINDOWS\hpntwksetup.ini
[2010/06/02 16:24:02 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/05/28 18:20:35 | 000,019,497 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2010/05/27 06:00:23 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/25 17:35:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\rx_image32.Cache

========== Files Created - No Company Name ==========

[2010/08/15 12:51:23 | 000,051,726 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2.gif
[2010/08/15 12:51:00 | 000,022,237 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1.gif
[2010/08/15 06:34:42 | 000,015,596 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\NEWEXPORT.lst
[2010/08/15 06:31:53 | 000,700,416 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\JDH.paf
[2010/08/14 08:37:24 | 017,767,750 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\14.reg
[2010/08/13 16:07:52 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/08/11 19:03:17 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\My machine.doc
[2010/08/10 18:53:06 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/08/10 18:53:06 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/08/09 07:02:52 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/08/09 07:02:50 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/28 10:39:01 | 000,001,071 | ---- | C] () -- C:\WINDOWS\AWMODEM.INF
[2010/07/27 18:39:12 | 000,000,535 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/27 18:39:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/07/27 18:39:10 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\fxscount.h
[2010/07/14 09:20:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\South Pass.est
[2010/07/07 18:40:53 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Return Address Labels.doc
[2010/07/04 14:25:35 | 000,000,211 | ---- | C] () -- C:\zBoot.bak
[2010/07/04 14:25:33 | 000,260,272 | ---- | C] () -- C:\zcmldr
[2010/07/04 14:22:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/04 14:22:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/04 14:22:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/04 14:22:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/04 14:22:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/28 06:25:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/06/22 06:01:28 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Brandi Howard.doc
[2010/06/12 11:49:39 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2010/06/12 11:49:39 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2010/06/03 06:39:23 | 000,000,769 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/06/03 06:37:44 | 000,105,199 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2010/06/03 06:37:44 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2010/06/02 16:24:02 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/06/01 10:21:44 | 005,767,168 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/05/28 18:19:21 | 000,019,497 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/05/28 15:00:57 | 000,001,966 | ---- | C] () -- C:\WINDOWS\System\DVA.386
[2010/05/26 19:15:13 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/05/26 08:05:49 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\UPDATE.INI
[2010/05/26 06:01:09 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2010/05/25 17:43:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BIPORT
[2010/05/25 17:35:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\rx_image32.Cache
[2010/05/11 15:03:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/05/08 10:39:55 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2010/05/08 09:34:30 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2010/05/08 09:34:29 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2010/05/08 09:34:29 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2010/05/08 09:34:29 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2010/05/08 09:34:25 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010/05/08 09:13:00 | 000,004,972 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/05/08 09:03:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/08 06:36:34 | 000,000,048 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2010/05/08 06:16:26 | 000,000,131 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/05/08 06:16:15 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\gr6rlzay.dll
[2010/05/07 15:52:32 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2010/05/07 15:38:13 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2010/05/07 14:00:04 | 000,000,068 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2010/05/07 12:06:47 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/05/07 12:06:45 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/05/07 12:04:37 | 000,015,595 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/05/07 11:39:23 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2010/05/07 11:39:18 | 000,001,042 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/05/07 11:39:18 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2010/05/07 11:39:15 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2010/05/07 11:39:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2010/05/07 11:39:15 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2010/05/07 11:39:09 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2010/05/07 11:31:57 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2010/05/07 11:31:57 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/07 11:24:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/07 10:41:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/05/07 10:22:34 | 000,000,178 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/05/06 22:05:07 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 18:44:00 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 22:39:36 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/16 13:47:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/08/12 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1999/08/12 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999/08/12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1999/08/12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/05/06 18:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/05 11:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/08/11 09:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/05/07 15:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2010/05/08 10:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/05/07 16:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2010/05/08 11:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/08/11 06:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/07/07 06:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2010/08/06 11:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/06/12 06:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/06/16 06:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
[2010/08/15 19:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/07 11:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/08/14 06:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Application Updater
[2010/05/08 15:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2010/08/15 19:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DMCache
[2010/05/11 18:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2010/05/07 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2010/05/07 11:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Genie-soft
[2010/08/03 10:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IDM
[2010/06/03 06:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2010/05/07 05:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/08/15 19:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MailWasherPro
[2010/05/08 11:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2010/06/28 06:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdfforge
[2010/08/05 15:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
[2010/06/28 06:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2010/06/16 06:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softland
[2010/08/09 19:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/05/07 06:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2010/08/05 18:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart
[2010/08/05 15:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Manager
[2010/08/15 08:09:45 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\GBM - Weekly-Full.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: IASTOR.SYS >
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\dell\drivers\Storage manager\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/05/06 12:03:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/06 12:03:40 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/06 12:03:40 | 000,937,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:631CA307
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D3D740E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
I keep getting a "message too long" error, so I will attach the rest of the files.

Thanks for looking

Attached Files

  • Attached File: gmer.log (92.87K)


#2 Broni Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2

    Malware Annihilator


Posted 16 August 2010 - 09:53 PM

Welcome aboard

Download MBRCheck to your desktop

Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
    NOTE 2. If ComboFix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Make sure you re-enable your security programs when you're done with ComboFix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#3 jdhoward Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2

    $ Supporting Member


Posted 16 August 2010 - 10:46 PM

Hi Broni,
I have watched you help folks on a few forums for quite a while; I am lucky you responded.
After ComboFix restarted the machine, all of my security programs restarted. The ComboFix window said not to run any programs. So if I need to, I can disable all of them in msconfig and rerun ComboFix.

ComboFix 10-08-16.01 - Owner 08/16/2010 16:25:34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1200 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\Downloaded\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\3169437.scr
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROCEXP141


((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-15 18:40 . 2010-08-15 18:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-15 14:09 . 2010-08-15 14:01 1109 ----a-w- c:\documents and settings\Owner\Application Data\Genie-soft\GBMPro8\Jobs\Weekly\00000011\maindata.sys
2010-08-14 12:50 . 2010-08-14 12:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Application Updater
2010-08-14 00:16 . 2010-08-14 00:16 -------- d-----w- c:\program files\Lavalys
2010-08-13 22:10 . 2010-08-13 22:12 -------- d-----w- c:\program files\Microsoft Streets and Trips Essentials
2010-08-13 22:10 . 2010-08-13 22:19 -------- d-----w- c:\program files\Microsoft Location Finder
2010-08-13 22:07 . 2010-08-13 22:07 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-13 22:07 . 2010-08-13 22:07 -------- d-----w- c:\windows\ShellNew
2010-08-13 22:03 . 2010-08-13 22:03 -------- d-----w- c:\program files\Microsoft Works Suite 2006
2010-08-12 20:35 . 2008-04-14 11:41 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-08-12 20:35 . 2008-04-14 11:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-08-12 03:06 . 2010-08-12 03:06 -------- d-----w- c:\program files\Common Files\Java
2010-08-12 03:06 . 2010-08-12 03:06 503808 ------w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-556065a3-n\msvcp71.dll
2010-08-12 03:06 . 2010-08-12 03:06 499712 ------w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-556065a3-n\jmc.dll
2010-08-12 03:06 . 2010-08-12 03:06 348160 ------w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-556065a3-n\msvcr71.dll
2010-08-12 03:06 . 2010-08-12 03:06 61440 ------w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-568916e7-n\decora-sse.dll
2010-08-12 03:06 . 2010-08-12 03:06 12800 ------w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-568916e7-n\decora-d3d.dll
2010-08-11 21:18 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-11 15:06 . 2010-08-11 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-08-11 00:44 . 2010-08-11 12:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-08-11 00:44 . 2010-08-11 12:41 -------- d-----w- c:\program files\PCPitstop
2010-08-09 13:02 . 2010-08-09 13:02 -------- d-----w- c:\program files\Belarc
2010-08-09 13:02 . 2008-02-27 19:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-08-09 12:52 . 2010-08-09 12:52 -------- d-----w- c:\program files\SIW
2010-08-08 14:06 . 2010-08-08 14:01 1109 ------w- c:\documents and settings\Owner\Application Data\Genie-soft\GBMPro8\Jobs\Weekly\00000010\maindata.sys
2010-08-06 17:36 . 2010-08-06 17:36 -------- d-----w- c:\program files\Seagate
2010-08-06 17:36 . 2010-08-06 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-08-06 17:35 . 2010-08-06 17:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2010-08-06 17:35 . 2010-08-06 17:35 -------- d-sh--w- c:\windows\ftpcache
2010-08-06 00:33 . 2010-08-06 00:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Wal-Mart
2010-08-05 21:30 . 2010-08-05 21:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Printer Info Cache
2010-08-01 14:03 . 2010-08-01 14:01 1109 ------w- c:\documents and settings\Owner\Application Data\Genie-soft\GBMPro8\Jobs\Weekly\00000009\maindata.sys
2010-07-28 00:39 . 2010-08-13 21:59 -------- d-----w- c:\windows\system32\FxsTmp
2010-07-28 00:39 . 2004-08-04 12:00 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll
2010-07-28 00:39 . 2004-08-04 12:00 31744 ----a-w- c:\windows\system32\fxsroute.dll
2010-07-28 00:39 . 2004-08-04 12:00 11264 -c--a-w- c:\windows\system32\dllcache\fxssend.exe
2010-07-28 00:39 . 2004-08-04 12:00 11264 ----a-w- c:\windows\system32\fxssend.exe
2010-07-28 00:39 . 2004-08-04 12:00 132608 -c--a-w- c:\windows\system32\dllcache\fxsclntr.dll
2010-07-28 00:39 . 2004-08-04 12:00 132608 ----a-w- c:\windows\system32\fxsclntR.dll
2010-07-28 00:39 . 2004-08-04 12:00 111104 -c--a-w- c:\windows\system32\dllcache\fxscfgwz.dll
2010-07-28 00:39 . 2004-08-04 12:00 111104 ----a-w- c:\windows\system32\fxscfgwz.dll
2010-07-18 14:04 . 2010-07-18 14:01 1109 ------w- c:\documents and settings\Owner\Application Data\Genie-soft\GBMPro8\Jobs\Weekly\00000008\maindata.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 22:34 . 2010-05-07 16:33 -------- d-----w- c:\documents and settings\Owner\Application Data\MailWasherPro
2010-08-16 22:33 . 2010-05-07 20:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-16 22:32 . 2010-05-07 03:47 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-16 22:32 . 2010-05-07 03:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-16 20:46 . 2010-05-08 15:13 5102 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-08-16 16:44 . 2010-06-28 12:25 -------- d-----w- c:\program files\PDFCreator
2010-08-16 01:58 . 2010-05-07 19:55 -------- d-----w- c:\documents and settings\Owner\Application Data\DMCache
2010-08-15 12:32 . 2010-05-07 21:52 -------- d-----w- c:\program files\The Master Genealogist
2010-08-14 22:53 . 2010-05-07 20:33 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-08-14 22:35 . 2010-05-07 20:40 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-08-13 22:16 . 2010-05-07 02:24 61272 ------w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-13 22:08 . 2010-05-08 15:01 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 03:05 . 2010-05-11 18:00 -------- d-----w- c:\program files\Java
2010-08-10 01:10 . 2010-05-08 15:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Template
2010-08-06 17:52 . 2010-05-07 00:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 21:27 . 2010-05-28 21:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Wal-Mart Digital Photo Manager
2010-08-03 16:34 . 2010-05-07 19:55 -------- d-----w- c:\documents and settings\Owner\Application Data\IDM
2010-07-29 15:19 . 2010-05-07 19:40 -------- d-----w- c:\program files\Foxit Software
2010-07-26 22:45 . 2010-05-07 23:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-17 23:02 . 2010-05-07 12:27 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-17 12:22 . 2010-07-17 12:22 -------- d-----w- c:\program files\Speccy
2010-07-17 11:00 . 2010-05-11 18:01 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-11 21:42 . 2010-05-07 12:54 -------- d-----w- c:\program files\Firaxis Games
2010-07-11 14:01 . 2010-07-11 14:05 1109 ------w- c:\documents and settings\Owner\Application Data\Genie-soft\GBMPro8\Jobs\Weekly\00000007\maindata.sys
2010-07-10 01:29 . 2010-06-12 17:49 -------- d-----w- c:\program files\Magellan
2010-07-08 18:47 . 2010-07-08 14:54 -------- d-----w- c:\program files\Content Manager
2010-07-08 16:21 . 2010-06-28 12:26 -------- d-----w- c:\program files\zpdfforge Toolbar
2010-07-08 00:40 . 2010-05-08 16:57 -------- d-----w- c:\program files\Avery Wizard
2010-07-07 12:30 . 2010-07-07 12:30 36840 ------w- c:\documents and settings\All Users\Application Data\Screentime\3169437\saver1.dll
2010-07-07 12:30 . 2010-07-07 12:30 20728 ------w- c:\documents and settings\All Users\Application Data\Screentime\3169437\saver2.dll
2010-07-07 12:30 . 2010-06-03 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime
2010-07-07 12:29 . 2010-07-07 12:29 36840 ------w- c:\documents and settings\All Users\Application Data\Screentime\felinefright_3169436\saver1.dll
2010-07-07 12:29 . 2010-07-07 12:29 20728 ------w- c:\documents and settings\All Users\Application Data\Screentime\felinefright_3169436\saver2.dll
2010-07-07 12:29 . 2010-06-03 20:41 674280 ----a-w- c:\windows\system32\felinefright_3169436.scr
2010-07-07 12:25 . 2010-07-07 12:25 36840 ------w- c:\documents and settings\All Users\Application Data\Screentime\hiddentreasure_3262482\saver1.dll
2010-07-07 12:25 . 2010-07-07 12:25 20728 ------w- c:\documents and settings\All Users\Application Data\Screentime\hiddentreasure_3262482\saver2.dll
2010-07-07 12:25 . 2010-07-07 12:25 674280 ----a-w- c:\windows\system32\hiddentreasure_3262482.scr
2010-07-06 22:24 . 2010-07-06 22:24 242976 ------w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-07-05 17:25 . 2010-07-05 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avery
2010-07-05 17:25 . 2010-07-05 17:25 -------- d-----w- c:\program files\Avery Dennison
2010-07-05 14:39 . 2010-07-05 14:39 -------- d-----w- c:\program files\ConvertHelper
2010-07-04 14:01 . 2010-07-04 14:15 1109 ------w- c:\documents and settings\Owner\Application Data\Genie-soft\GBMPro8\Jobs\Weekly\00000006\maindata.sys
2010-07-02 01:06 . 2010-05-07 20:55 -------- d-----w- c:\program files\MSECache
2010-07-01 22:10 . 2010-06-30 00:25 -------- d-----w- c:\program files\ATI
2010-07-01 12:35 . 2010-05-07 20:26 -------- d-----w- c:\program files\TaskPlus
2010-06-30 12:31 . 2008-04-14 11:42 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:12 . 2010-05-07 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Cyberlink
2010-06-28 20:57 . 2010-06-29 07:50 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-05-13 13:10 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-05-13 13:11 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-05-13 13:11 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-05-13 13:11 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-05-13 13:11 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-05-13 13:11 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-05-13 13:11 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-05-13 13:11 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-28 12:28 . 2010-06-28 12:28 -------- d-----w- c:\documents and settings\Owner\Application Data\Search Settings
2010-06-28 12:28 . 2010-06-28 12:28 -------- d-----w- c:\documents and settings\Owner\Application Data\pdfforge
2010-06-28 12:26 . 2010-06-28 12:26 -------- d-----w- c:\program files\Application Updater
2010-06-24 12:22 . 2008-04-14 11:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2008-04-14 07:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-14 06:45 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-20 14:00 . 2010-06-20 14:03 1109 ------w- c:\documents and settings\Owner\Application Data\Genie-soft\GBMPro8\Jobs\Weekly\00000005\maindata.sys
2010-06-20 12:03 . 2010-05-07 22:54 -------- d-----w- c:\program files\SpywareBlaster
2010-06-17 14:03 . 2008-04-14 11:41 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-05-07 00:19 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-04-14 11:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-13 14:01 . 2010-06-13 14:17 1109 ------w- c:\documents and settings\Owner\Application Data\Genie-soft\GBMPro8\Jobs\Weekly\00000004\maindata.sys
2010-06-10 12:27 . 2010-05-26 00:10 218544 ------w- c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-06-09 16:57 . 2010-06-09 16:55 3205464 ------w- c:\documents and settings\Owner\Application Data\IDM\idmupdt.exe
2010-06-06 14:01 . 2010-06-06 14:03 1109 ------w- c:\documents and settings\Owner\Application Data\Genie-soft\GBMPro8\Jobs\Weekly\00000003\maindata.sys
2010-06-04 17:55 . 2010-06-04 17:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-03 20:42 . 2010-06-03 20:42 20728 ------w- c:\documents and settings\All Users\Application Data\Screentime\serenity_3262480\saver2.dll
2010-06-03 20:42 . 2010-06-03 20:42 674280 ----a-w- c:\windows\system32\serenity_3262480.scr
2010-06-03 20:42 . 2010-06-03 20:42 36840 ------w- c:\documents and settings\All Users\Application Data\Screentime\serenity_3262480\saver1.dll
2010-06-03 12:42 . 2010-06-03 12:37 105199 ----a-w- c:\windows\HPFins09.dat
2010-06-02 22:24 . 2010-06-02 22:24 128 ------w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2010-06-02 01:00 . 2010-06-02 01:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-02 01:00 . 2010-06-02 01:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-02 01:00 . 2010-06-02 01:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-02 01:00 . 2010-06-02 01:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-30 14:01 . 2010-05-30 14:02 1109 ------w- c:\documents and settings\Owner\Application Data\Genie-soft\GBMPro8\Jobs\Weekly\00000002\maindata.sys
2010-05-29 00:20 . 2010-05-29 00:19 19497 ----a-w- c:\windows\hpqins13.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-26 2403568]
"StartWatch"="c:\program files\SoftWx\StartWatch\StartWatch.exe" [2008-01-14 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"TaskPlus"="c:\program files\TaskPlus\taskplus0.exe" [2006-10-26 4653056]
"PhoneTray"="c:\program files\Traysoft\PhoneTray\PhoneTray.exe" [2009-04-15 445680]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-02 2039240]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2010-5-7 19317672]
Printkey.exe [1998-11-27 589824]
Virtual Weather Station.lnk - c:\vws\vws.exe [2010-1-23 21303296]
WallMaster.lnk - c:\program files\WallMaster\wallmast.exe [2010-5-7 288256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Shortcut to toggler.exe.lnk - c:\program files\Toggler\togglr10\toggler.exe [2010-5-7 32256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2008-06-12 15:00 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 21:57 102400 ------w- c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
2008-09-11 11:27 189056 ----a-w- c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-09-24 06:08 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-05-26 13:03 3220912 ----a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2000-04-27 22:57 29184 ------w- c:\progra~1\ScanSoft\PAPERP~1\Pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-09-11 19:36 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPWebCap]
2000-04-27 23:12 40448 ------w- c:\progra~1\ScanSoft\PAPERP~1\PPWEBCAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 03:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-06-23 15:05 244208 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/13/2010 7:11 AM 165456]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 25240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 12:51 AM 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/13/2010 7:11 AM 17744]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/7/2010 4:45 PM 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/7/2010 4:45 PM 20952]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [6/23/2008 9:08 AM 362992]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Owner\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Owner\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/6/2010 6:32 PM 1691480]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [5/26/2010 8:14 AM 42432]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [6/23/2008 9:08 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [6/23/2008 9:05 AM 1120752]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2010 2:42 PM 136176]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [6/23/2008 9:06 AM 309744]
S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [6/23/2008 9:06 AM 166384]
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 c:\windows\Tasks\GBM - Weekly-Full.job
- c:\program files\Genie-Soft\GBMPro8\GBM8.exe [2010-05-07 11:27]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download All Links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Owner\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-POINTER - point32.exe
MSConfigStartUp-CMCService - c:\program files\ATI\Catalyst Media Center\CMCService.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe
AddRemove-3169437 - c:\windows\system32\3169437.scr
AddRemove-TaxACT 2009 - c:\2ndsto~2\TAXACT~1\Unta09.exe
AddRemove-TaxACT 2009 New Mexico - c:\2ndsto~1\ZTAXAC~1\UnStTax.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 16:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3865db42-e2dd-47ea-a489-7438deda5a1b}]
@Denied: (Full) (Everyone)
"Model"=dword:000000bf
"Therad"=dword:00000008
"MData"=hex(0):6c,ad,00,7b,63,e8,0f,1b,e4,03,00,3d,ae,41,d7,9f,fd,5d,1e,41,88,
ed,a6,87,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f0,53,08,91,44,9a,bf,d5,76,0b,ed,09,79,f2,c2,10,1d,c5,1d,39,0a,
15,76,22,1b,d1,a3,87,19,19,40,05,6e,2b,02,14,2c,66,b6,f4,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(4476)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft Hardware\Mouse\point32.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Seagate\SeagateManager\Sync\MaxSync.exe
c:\documents and settings\Owner\Start Menu\Programs\Startup\Printkey.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-16 16:39:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-16 22:39

Pre-Run: 442,080,768,000 bytes free
Post-Run: 441,818,525,696 bytes free

- - End Of File - - 509176E1493205DCF9AE858842F5018B

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7F31000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7F11000 fltMgr.sys
0xB7EFF000 sr.sys
0xB7EE9000 DRVMCDB.SYS
0xB80F8000 PxHelp20.sys
0xB7ED2000 KSecDD.sys
0xB7E45000 Ntfs.sys
0xB7E31000 inspect.sys
0xB7E04000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xB8338000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xB7DEA000 Mup.sys
0xB768B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6C6E000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6C5A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB6C19000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xB8410000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6BF5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8418000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6BCD000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6B8B000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB6B68000 \SystemRoot\system32\DRIVERS\ks.sys
0xB6A76000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB69C3000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xB8420000 \SystemRoot\System32\Drivers\Modem.SYS
0xB690B000 \SystemRoot\system32\DRIVERS\atinavrr.sys
0xB7DB2000 \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
0xB85DC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB7DAE000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xB8428000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB766B000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB85DE000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB765B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB764B000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB868E000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB763B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7DA2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB68F4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8138000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8148000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB68E3000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8158000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8430000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8438000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8168000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8440000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8448000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85E0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB6885000 \SystemRoot\system32\DRIVERS\update.sys
0xB7BDC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8188000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB81B8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB4063000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB403F000 \SystemRoot\system32\drivers\portcls.sys
0xB81E8000 \SystemRoot\system32\drivers\drmk.sys
0xB3FB9000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xB860E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB87D3000 \SystemRoot\System32\Drivers\Null.SYS
0xB8610000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8488000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xB8490000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8498000 \SystemRoot\System32\drivers\vga.sys
0xB8612000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8614000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB84A0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB84A8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7DBE000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB3F86000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB3F2D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB84B0000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xB3EDF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8208000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB3EB7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB76E3000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB3E95000 \SystemRoot\System32\drivers\afd.sys
0xB8218000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB3E73000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xB8348000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB3E48000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB8228000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB3DD8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8238000 \SystemRoot\System32\Drivers\Fips.SYS
0xB87E1000 \SystemRoot\System32\Drivers\BANTExt.sys
0xB3D89000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB8380000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB8258000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8268000 \SystemRoot\system32\DRIVERS\ser2pl.sys
0xB401B000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8390000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB8398000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB3FF3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8288000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB3719000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xB8298000 \SystemRoot\system32\drivers\usbaudio.sys
0xB36D9000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xB7DC2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB3F29000 \SystemRoot\system32\DRIVERS\IPFilter.sys
0xB36C8000 \SystemRoot\System32\Drivers\Udfs.SYS
0xB3F15000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB36B0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB864A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB3DD4000 \SystemRoot\System32\drivers\Dxapi.sys
0xB83A8000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB86D6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB33DC000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB33D8000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB81A8000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB878F000 \SystemRoot\System32\DLA\DLADResM.SYS
0xB3290000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB83C8000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xB8666000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xB83D0000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xB83D8000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB322A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB3213000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB2F7C000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB2B57000 \SystemRoot\system32\drivers\wdmaud.sys
0xB35E8000 \SystemRoot\system32\drivers\sysaudio.sys
0xB2792000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB85B8000 \SystemRoot\system32\drivers\enodpl.sys
0xB25FB000 \SystemRoot\system32\DRIVERS\srv.sys
0xB272A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB8646000 \SystemRoot\system32\drivers\tandpl.sys
0xB83A0000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xB242A000 \SystemRoot\System32\Drivers\HTTP.sys
0xB3240000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB2573000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 49):
0 System Idle Process
4 System
684 C:\WINDOWS\system32\smss.exe
744 csrss.exe
768 C:\WINDOWS\system32\winlogon.exe
812 C:\WINDOWS\system32\services.exe
824 C:\WINDOWS\system32\lsass.exe
1028 C:\WINDOWS\system32\nvsvc32.exe
1068 C:\WINDOWS\system32\svchost.exe
1176 svchost.exe
1284 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1312 C:\WINDOWS\system32\svchost.exe
1508 svchost.exe
1660 svchost.exe
1724 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1856 C:\WINDOWS\explorer.exe
1992 C:\WINDOWS\system32\rundll32.exe
2028 C:\Program Files\Microsoft Hardware\Mouse\point32.exe
2036 C:\Program Files\TaskPlus\taskplus0.exe
140 C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
160 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
176 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
184 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
196 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
224 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
468 C:\Program Files\Toggler\togglr10\toggler.exe
504 C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
516 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Printkey.exe
1832 C:\WINDOWS\system32\spoolsv.exe
548 C:\Program Files\WallMaster\wallmast.exe
2392 svchost.exe
2428 C:\Program Files\Application Updater\ApplicationUpdater.exe
2456 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
2636 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
2708 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2736 C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
2960 C:\WINDOWS\system32\svchost.exe
4076 alg.exe
1216 C:\vws\vws.exe
2548 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
2300 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
4068 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
1872 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
4036 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
1576 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
748 C:\Program Files\Mozilla Firefox\firefox.exe
3680 C:\Program Files\Internet Download Manager\IDMan.exe
3508 C:\Program Files\Internet Download Manager\IEMonitor.exe
3504 C:\Documents and Settings\Owner\Desktop\Downloaded\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5001AALS-00L3B2, Rev: 01.03B01
PhysicalDrive1 Model Number: SeagateFreeAgent Go, Rev: 102D

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

Thanks again

#4 Broni Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2

    Malware Annihilator

  • 24,345 posts
  • Joined: October 04, 2004
  • 1,748 topics
  • Age: 57
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista

Posted 16 August 2010 - 11:35 PM

Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 1 and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post the new log.

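The procedure above relies on MBRCheck's verdict of "Windows XP MBR code detected" versus "Unknown MBR code", which comes from hashing the sector and comparing it with a list of known boot code. The following is an added illustration of that check, not part of this thread and not MBRCheck's own code: it parses a 512-byte MBR, verifies the 55AA boot signature, hashes only the 440-byte boot-code area (MBRCheck's exact hashed region is not stated on the page, so that choice is an assumption), decodes the partition table, and reports the sector as known or unknown. The sample sectors and the "known good" hash table are constructed inside the block; a real baseline would be captured from a clean installation. The one sample partition starts at LBA 63, which is the 0x7E00 byte offset shown for the C: drive in the MBRCheck output above.

```python
"""Parse a 512-byte MBR and flag boot code that does not match a baseline.

Added example, not MBRCheck's code. The baseline hashes are computed from
synthetic sectors constructed below, not from real Windows boot code.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0-439: boot code (assumed hashed region)
DISK_SIG_OFF = 440        # bytes 440-443: Windows disk signature
PART_TABLE_OFF = 446      # bytes 446-509: four 16-byte partition entries
BOOT_SIG_OFF = 510        # bytes 510-511: 0x55 0xAA
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def build_sample_mbr(boot_code: bytes, disk_sig: int, entries) -> bytes:
    """Assemble a synthetic MBR (constructed test data only)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba_start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba_start, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Decode signature, boot-code hash, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,
            "sectors": count,
        })
    return {
        "boot_signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        # Only the boot code is hashed: the disk signature and partition
        # table legitimately differ from machine to machine.
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good: dict) -> str:
    """Return an MBRCheck-style verdict for the sector."""
    info = parse_mbr(sector)
    if not info["boot_signature_ok"]:
        return "Invalid MBR (missing 55AA boot signature)"
    label = known_good.get(info["boot_code_sha1"])
    return f"{label} MBR code detected" if label else "Unknown MBR code"


# Constructed stand-in for standard boot code: an infinite jump plus zero padding.
BASELINE_BOOT_CODE = b"\xeb\xfe" + b"\x00" * (BOOT_CODE_LEN - 2)
# One bootable NTFS partition at LBA 63 (byte offset 0x7E00, the classic XP layout).
SAMPLE_ENTRIES = [(0x80, 0x07, 63, 976773105)]
CLEAN_MBR = build_sample_mbr(BASELINE_BOOT_CODE, 0x12345678, SAMPLE_ENTRIES)
# Baseline keyed by boot-code hash; the label is a constructed placeholder.
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["boot_code_sha1"]: "Windows XP (sample)"}
# Same partition table and disk signature, but one byte of boot code changed.
MODIFIED_MBR = build_sample_mbr(b"\xeb\xfe\x90" + b"\x00" * (BOOT_CODE_LEN - 3),
                                0x12345678, SAMPLE_ENTRIES)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("modified", MODIFIED_MBR)):
        info = parse_mbr(sector)
        print(name, classify_mbr(sector, KNOWN_GOOD), info["boot_code_sha1"])
        for p in info["partitions"]:
            print(f"  partition {p['index']}: type 0x{p['type']:02x} "
                  f"at offset 0x{p['byte_offset']:x}, bootable={p['bootable']}")
```

Because only the boot-code bytes are hashed, a machine-specific disk signature or a different partition layout does not trigger a false "Unknown MBR code"; conversely, a single changed byte in the boot code does, which is the property a bootkit check needs. Note that "unknown" is not the same as "infected": a vendor recovery MBR or a non-Windows boot loader will also fail to match the baseline, which is why a helper asks for the log rather than acting on the verdict alone.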
#5 jdhoward Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2


Posted 17 August 2010 - 01:09 PM

Good morning Broni,
The first log:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 149):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7F31000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7F11000 fltMgr.sys
0xB7EFF000 sr.sys
0xB7EE9000 DRVMCDB.SYS
0xB80F8000 PxHelp20.sys
0xB7ED2000 KSecDD.sys
0xB7E45000 Ntfs.sys
0xB7E31000 inspect.sys
0xB7E04000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xB8338000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xB7DEA000 Mup.sys
0xB76B7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6CCA000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6CB6000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB6C75000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xB8448000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6C51000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8450000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6C29000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6BE7000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB6BC4000 \SystemRoot\system32\DRIVERS\ks.sys
0xB6AD2000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB6A1F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xB8458000 \SystemRoot\System32\Drivers\Modem.SYS
0xB6967000 \SystemRoot\system32\DRIVERS\atinavrr.sys
0xB7DAE000 \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
0xB85E8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB7DAA000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xB8460000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB7697000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB85EA000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB8128000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8138000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB87AC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8148000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7DA2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6950000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8158000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8168000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB693F000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8178000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8468000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8470000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8188000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8480000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85EC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB68E1000 \SystemRoot\system32\DRIVERS\update.sys
0xB7C63000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB81A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB81C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB40BF000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB409B000 \SystemRoot\system32\drivers\portcls.sys
0xB8228000 \SystemRoot\system32\drivers\drmk.sys
0xB4015000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xB8646000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8782000 \SystemRoot\System32\Drivers\Null.SYS
0xB8648000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83B0000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xB83B8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB83C0000 \SystemRoot\System32\drivers\vga.sys
0xB864A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB864C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB83C8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83D0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7C43000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB3FE2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB3F89000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB83D8000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xB3F3B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8248000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB3F13000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB855C000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB3EF1000 \SystemRoot\System32\drivers\afd.sys
0xB8258000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB8268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB3ECF000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xB83E0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB3EA4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB3E34000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8278000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8790000 \SystemRoot\System32\Drivers\BANTExt.sys
0xB3E0D000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB83F0000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB8298000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB82A8000 \SystemRoot\system32\DRIVERS\ser2pl.sys
0xB407B000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8418000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB4063000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB82B8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB404F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB404B000 \SystemRoot\system32\DRIVERS\IPFilter.sys
0xB3684000 \SystemRoot\System32\Drivers\Udfs.SYS
0xB366C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB866C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB3F61000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8430000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB871C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB343C000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB3430000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB8288000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB8719000 \SystemRoot\System32\DLA\DLADResM.SYS
0xB32EC000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB8498000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xB85CA000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xB84A0000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xB84A8000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB3286000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB326F000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB3000000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB2BDB000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2E20000 \SystemRoot\system32\drivers\sysaudio.sys
0xB27EE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB862C000 \SystemRoot\system32\drivers\enodpl.sys
0xB26F7000 \SystemRoot\system32\DRIVERS\srv.sys
0xB27B6000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB8606000 \SystemRoot\system32\drivers\tandpl.sys
0xB23BE000 \SystemRoot\System32\Drivers\HTTP.sys
0xB83E8000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB76D7000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB32CC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB3F6D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB1D4B000 \SystemRoot\system32\drivers\usbaudio.sys
0xB14D9000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xB0E31000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xB25B7000 \SystemRoot\system32\DRIVERS\NdisIP.sys
0xAFC9F000 \SystemRoot\system32\drivers\kmixer.sys
0xB84B0000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
684 C:\WINDOWS\system32\smss.exe
744 csrss.exe
768 C:\WINDOWS\system32\winlogon.exe
812 C:\WINDOWS\system32\services.exe
824 C:\WINDOWS\system32\lsass.exe
1032 C:\WINDOWS\system32\nvsvc32.exe
1072 C:\WINDOWS\system32\svchost.exe
1160 svchost.exe
1284 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1312 C:\WINDOWS\system32\svchost.exe
1520 svchost.exe
1604 svchost.exe
1688 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1872 C:\WINDOWS\explorer.exe
1996 C:\WINDOWS\system32\rundll32.exe
2004 C:\Program Files\TaskPlus\taskplus0.exe
2044 C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
164 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
176 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
244 C:\WINDOWS\system32\ctfmon.exe
288 C:\Program Files\Toggler\togglr10\toggler.exe
304 C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
1788 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Printkey.exe
204 C:\vws\vws.exe
1140 C:\Program Files\WallMaster\wallmast.exe
664 C:\WINDOWS\system32\spoolsv.exe
2396 svchost.exe
2448 C:\Program Files\Application Updater\ApplicationUpdater.exe
2480 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
2720 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2748 C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
2972 C:\WINDOWS\system32\svchost.exe
2140 alg.exe
804 C:\Program Files\Microsoft Hardware\Mouse\point32.exe
1508 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
1336 C:\WINDOWS\system32\msiexec.exe
1880 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
2436 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
3084 C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
1888 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
1500 C:\WINDOWS\system32\wscntfy.exe
2740 C:\Documents and Settings\Owner\Desktop\Downloaded\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5001AALS-00L3B2, Rev: 01.03B01
PhysicalDrive1 Model Number: SeagateFreeAgent Go, Rev: 102D

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 1Dumping \\.\PhysicalDisk1...
Enter filename to dump to: downloadsRE: Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): 1Dumping \\.\PhysicalDisk1...
Enter filename to dump to: -1RE: Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

The second (hope this is correct)
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 149):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7F31000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7F11000 fltMgr.sys
0xB7EFF000 sr.sys
0xB7EE9000 DRVMCDB.SYS
0xB80F8000 PxHelp20.sys
0xB7ED2000 KSecDD.sys
0xB7E45000 Ntfs.sys
0xB7E31000 inspect.sys
0xB7E04000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xB8338000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xB7DEA000 Mup.sys
0xB76B7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB6CCA000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB6CB6000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB6C75000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xB8448000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB6C51000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8450000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6C29000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6BE7000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB6BC4000 \SystemRoot\system32\DRIVERS\ks.sys
0xB6AD2000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB6A1F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xB8458000 \SystemRoot\System32\Drivers\Modem.SYS
0xB6967000 \SystemRoot\system32\DRIVERS\atinavrr.sys
0xB7DAE000 \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
0xB85E8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB7DAA000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xB8460000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB7697000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB85EA000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB8128000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8138000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB87AC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8148000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7DA2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6950000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8158000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8168000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB693F000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8178000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8468000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8470000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8188000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8480000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85EC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB68E1000 \SystemRoot\system32\DRIVERS\update.sys
0xB7C63000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB81A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB81C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB40BF000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB409B000 \SystemRoot\system32\drivers\portcls.sys
0xB8228000 \SystemRoot\system32\drivers\drmk.sys
0xB4015000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xB8646000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8782000 \SystemRoot\System32\Drivers\Null.SYS
0xB8648000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83B0000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xB83B8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB83C0000 \SystemRoot\System32\drivers\vga.sys
0xB864A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB864C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB83C8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83D0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7C43000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB3FE2000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB3F89000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB83D8000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xB3F3B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8248000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB3F13000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB855C000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB3EF1000 \SystemRoot\System32\drivers\afd.sys
0xB8258000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB8268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB3ECF000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xB83E0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB3EA4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB3E34000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8278000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8790000 \SystemRoot\System32\Drivers\BANTExt.sys
0xB3E0D000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB83F0000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB8298000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB82A8000 \SystemRoot\system32\DRIVERS\ser2pl.sys
0xB407B000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8418000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB4063000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB82B8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB404F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB404B000 \SystemRoot\system32\DRIVERS\IPFilter.sys
0xB3684000 \SystemRoot\System32\Drivers\Udfs.SYS
0xB366C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB866C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB3F61000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8430000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB871C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB343C000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB3430000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB8288000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB8719000 \SystemRoot\System32\DLA\DLADResM.SYS
0xB32EC000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB8498000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xB85CA000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xB84A0000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xB84A8000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB3286000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB326F000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB3000000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB2BDB000 \SystemRoot\system32\drivers\wdmaud.sys
0xB2E20000 \SystemRoot\system32\drivers\sysaudio.sys
0xB27EE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB862C000 \SystemRoot\system32\drivers\enodpl.sys
0xB26F7000 \SystemRoot\system32\DRIVERS\srv.sys
0xB27B6000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB8606000 \SystemRoot\system32\drivers\tandpl.sys
0xB23BE000 \SystemRoot\System32\Drivers\HTTP.sys
0xB83E8000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB76D7000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xB32CC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB3F6D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB1D4B000 \SystemRoot\system32\drivers\usbaudio.sys
0xB14D9000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xB0E31000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xB25B7000 \SystemRoot\system32\DRIVERS\NdisIP.sys
0xAFC9F000 \SystemRoot\system32\drivers\kmixer.sys
0xB84B0000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
684 C:\WINDOWS\system32\smss.exe
744 csrss.exe
768 C:\WINDOWS\system32\winlogon.exe
812 C:\WINDOWS\system32\services.exe
824 C:\WINDOWS\system32\lsass.exe
1032 C:\WINDOWS\system32\nvsvc32.exe
1072 C:\WINDOWS\system32\svchost.exe
1160 svchost.exe
1284 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1312 C:\WINDOWS\system32\svchost.exe
1520 svchost.exe
1604 svchost.exe
1688 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1872 C:\WINDOWS\explorer.exe
1996 C:\WINDOWS\system32\rundll32.exe
2004 C:\Program Files\TaskPlus\taskplus0.exe
2044 C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
164 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
176 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
244 C:\WINDOWS\system32\ctfmon.exe
288 C:\Program Files\Toggler\togglr10\toggler.exe
304 C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
1788 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Printkey.exe
204 C:\vws\vws.exe
1140 C:\Program Files\WallMaster\wallmast.exe
664 C:\WINDOWS\system32\spoolsv.exe
2396 svchost.exe
2448 C:\Program Files\Application Updater\ApplicationUpdater.exe
2480 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
2720 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2748 C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
2972 C:\WINDOWS\system32\svchost.exe
2140 alg.exe
804 C:\Program Files\Microsoft Hardware\Mouse\point32.exe
1508 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
1336 C:\WINDOWS\system32\msiexec.exe
1880 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
2436 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
3084 C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
1888 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
1500 C:\WINDOWS\system32\wscntfy.exe
2740 C:\Documents and Settings\Owner\Desktop\Downloaded\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5001AALS-00L3B2, Rev: 01.03B01
PhysicalDrive1 Model Number: SeagateFreeAgent Go, Rev: 102D

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 1Dumping \\.\PhysicalDisk1...
Enter filename to dump to: downloadsRE: Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): 1Dumping \\.\PhysicalDisk1...
Enter filename to dump to: -1RE: Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

#6 Broni Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2


Posted 17 August 2010 - 07:01 PM

All looks fine, so far :)

Please, re-run OTL "Quick scan" and post fresh log.

#7 jdhoward Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2


Posted 17 August 2010 - 08:59 PM

Well... It did not produce the Extras Log.
I don't think I made a mistake.


OTL logfile created on: 8/17/2010 2:37:09 PM - Run 6
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 6200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 410.59 Gb Free Space | 88.16% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 114.68 Gb Free Space | 49.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 4.23 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JDXP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/15 19:56:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL_2.exe
PRC - [2010/07/26 16:45:28 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/06/28 14:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/08 09:24:27 | 012,732,080 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/01 11:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/23 10:36:46 | 021,303,296 | ---- | M] (Ambient, LLC) -- C:\vws\vws.exe
PRC - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/09/25 23:32:20 | 000,202,024 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/04/14 19:58:24 | 000,445,680 | ---- | M] () -- C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/26 09:57:55 | 004,653,056 | ---- | M] (Contact Plus Corporation) -- C:\Program Files\TaskPlus\taskplus0.exe
PRC - [2001/11/22 23:00:00 | 000,288,256 | ---- | M] (Tropical Wares) -- C:\Program Files\WallMaster\wallmast.exe
PRC - [2001/08/23 12:37:40 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe
PRC - [2001/01/20 11:01:22 | 000,032,256 | ---- | M] (Aestas Software) -- C:\Program Files\Toggler\togglr10\toggler.exe
PRC - [1998/11/27 19:41:00 | 000,589,824 | ---- | M] (Fred's Software Company) -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Printkey.exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 19:56:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL_2.exe
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2009/03/26 07:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2001/05/09 13:00:28 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll
MOD - [2001/05/09 13:00:28 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 14:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/06/23 09:08:34 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2008/06/23 09:08:28 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2008/06/23 09:06:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/06/23 09:06:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/06/23 09:05:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/07 14:55:58 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/07 14:55:34 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2010/07/07 14:53:48 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 14:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 14:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 14:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/04 11:55:58 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/06/01 19:00:24 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/06/01 19:00:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/05/25 15:28:57 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/06 18:13:04 | 005,912,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/11 22:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/22 15:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/10/22 15:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/06/23 10:11:24 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/05/08 19:36:17 | 000,752,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/05 04:03:00 | 000,049,664 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/06/20 12:08:20 | 000,987,904 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 12:07:42 | 000,268,032 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2007/06/20 12:07:38 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/13 20:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2003/04/19 02:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003/03/02 19:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2001/08/23 01:33:12 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
DRV - [2001/08/17 12:17:44 | 000,042,432 | ---- | M] (Digi International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.12: ""
FF - prefs.js..browser.search.order.13: "Webster"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: flvmoviesdownloader@rzll:1.40
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2d}:1.2.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/16 05:53:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/27 06:26:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/17 17:02:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/05/07 06:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/07 06:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/16 14:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions
[2010/05/09 06:50:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/07 06:28:39 | 000,000,000 | ---D | M] (PopupMaster) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
[2010/07/07 09:59:23 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2010/07/28 16:13:11 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/07 06:28:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2010/05/18 06:52:57 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/05/07 06:28:39 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
[2010/05/07 06:28:39 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/07/27 10:53:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/11 05:46:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/30 06:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/05/07 06:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\DeviceDetection@logitech.com
[2010/05/09 06:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\extensions\flvmoviesdownloader@rzll
[2009/05/11 14:25:32 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\searchplugins\askcom.xml
[2009/05/11 14:20:32 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yjucofau.default\searchplugins\webster.xml
[2010/08/16 14:57:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/11 12:01:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 21:06:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/07 13:39:51 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/13 16:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/08/16 16:33:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PhoneTray] C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe ()
O4 - HKLM..\Run: [TaskPlus] C:\Program Files\TaskPlus\taskplus0.exe (Contact Plus Corporation)
O4 - HKCU..\Run: [StartWatch] C:\Program Files\SoftWx\StartWatch\StartWatch.exe (SoftWx Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/06/03 06:50:19 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to toggler.exe.lnk = C:\Program Files\Toggler\togglr10\toggler.exe (Aestas Software)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe (Firetrust Ltd)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Printkey.exe (Fred's Software Company)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Virtual Weather Station.lnk = C:\vws\vws.exe (Ambient, LLC)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe (Tropical Wares)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\idmmbc.dll (Tonec Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1273193430734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1274974253500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcp...ols/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.50.130.108 74.50.130.109
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/06 18:20:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/16 10:18:45 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/16 18:16:51 | 000,000,062 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/17 06:48:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\logishrd
[2010/08/17 06:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/08/17 06:48:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2010/08/17 05:56:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\UserData
[2010/08/16 18:12:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/16 16:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2010/08/16 16:18:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/16 16:16:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/16 10:18:45 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/08/15 19:56:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL_2.exe
[2010/08/14 06:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Application Updater
[2010/08/13 18:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010/08/13 16:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Streets and Trips Essentials
[2010/08/13 16:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Location Finder
[2010/08/13 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/08/13 16:07:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2010/08/13 16:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2010/08/13 16:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works Suite 2006
[2010/08/11 21:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/11 09:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/08/10 18:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/08/10 18:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2010/08/09 14:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\1982
[2010/08/09 14:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Grand Canyon 2010
[2010/08/09 07:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/08/09 06:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
[2010/08/08 19:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\EOB
[2010/08/06 11:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/08/06 11:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/08/06 11:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2010/08/06 11:35:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/08/05 18:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart
[2010/08/05 15:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
[2010/07/27 18:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\FxsTmp
[2010/07/17 06:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/07/09 19:30:37 | 000,000,000 | ---D | C] -- C:\My GPS
[2010/07/08 08:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Content Manager
[2010/07/07 06:25:33 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\hiddentreasure_3262482.scr
[2010/07/05 11:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/07/05 11:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avery Dennison
[2010/07/05 08:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\dwhelper
[2010/07/05 08:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2010/07/04 14:25:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/04 14:22:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/04 14:22:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/04 14:22:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/01 14:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Maps
[2010/06/29 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/06/29 01:50:39 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 06:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2010/06/28 06:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\pdfforge
[2010/06/28 06:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2010/06/28 06:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\zpdfforge Toolbar
[2010/06/28 06:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2010/06/17 06:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\assembly
[2010/06/16 06:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Softland
[2010/06/16 06:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2010/06/16 06:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\FireTrust
[2010/06/15 15:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/06/12 18:26:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WMTools Downloaded Files
[2010/06/12 18:23:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/06/12 11:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Magellan
[2010/06/12 06:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010/06/10 06:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2010/06/07 19:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Encore
[2010/06/03 14:42:11 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\serenity_3262480.scr
[2010/06/03 14:41:25 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\felinefright_3169436.scr
[2010/06/03 14:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2010/06/03 14:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Screentime
[2010/06/03 06:50:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2010/06/03 06:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/06/02 16:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HpUpdate
[2010/06/02 16:52:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/06/02 16:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Albums
[2010/06/02 16:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage
[2010/05/28 18:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\HP
[2010/05/28 15:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Manager
[2010/05/28 15:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Help
[2010/05/28 15:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Help
[2010/05/28 14:57:47 | 000,000,000 | ---D | C] -- C:\WESTWOOD
[2010/05/27 10:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/05/27 06:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/27 06:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/27 06:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/27 06:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/27 06:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/26 19:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Talkback
[2010/05/26 08:05:55 | 000,029,184 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\Sktempdm.exe
[2010/05/26 08:05:49 | 000,060,416 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\SKMEDIA.DLL
[2010/05/26 08:05:49 | 000,029,184 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\SK2000DM.EXE
[2010/05/26 08:05:48 | 000,138,240 | ---- | C] (Silitek Corporation) -- C:\WINDOWS\System32\MMKEYBD.EXE
[2010/05/26 08:05:48 | 000,123,904 | ---- | C] (Silitek Corporation) -- C:\WINDOWS\System32\SKUNINST.EXE
[2010/05/26 08:05:48 | 000,112,640 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\SKUTIL.DLL
[2010/05/26 08:05:48 | 000,066,048 | ---- | C] (Silitek Corporation) -- C:\WINDOWS\System32\SK9910DM.EXE
[2010/05/26 08:05:48 | 000,053,760 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\SKSETUP.DLL
[2010/05/26 08:05:48 | 000,037,888 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\SKOSD.DLL
[2010/05/26 08:05:48 | 000,013,508 | ---- | C] (Silitek Corp.) -- C:\WINDOWS\System32\drivers\Sk9910uf.sys
[2010/05/26 06:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\XLABELS
[2010/05/26 06:13:48 | 000,000,000 | ---D | C] -- C:\Trailer
[2010/05/25 17:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Roxio
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/17 14:37:03 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/08/17 10:16:16 | 000,268,856 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/17 10:16:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 10:16:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 10:15:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/08/17 10:15:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/08/17 09:56:22 | 000,005,102 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/08/17 06:48:59 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/08/17 06:06:21 | 000,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/16 16:35:16 | 000,000,261 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/16 16:33:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/16 08:43:35 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My machine.doc
[2010/08/16 06:10:27 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ machine.doc
[2010/08/15 19:56:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL_2.exe
[2010/08/15 08:09:45 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\GBM - Weekly-Full.job
[2010/08/15 06:35:16 | 000,700,416 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\JDH.paf
[2010/08/15 06:34:42 | 000,015,596 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\NEWEXPORT.lst
[2010/08/15 06:25:12 | 000,000,862 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/15 06:25:12 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/14 08:37:24 | 017,767,750 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\14.reg
[2010/08/13 19:07:49 | 005,089,178 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/13 16:24:45 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 16:16:40 | 000,061,272 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/13 16:08:10 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/08/13 16:07:52 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/08/13 06:13:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 06:11:36 | 000,504,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 06:11:36 | 000,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 06:11:36 | 000,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/10 18:53:06 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/08/09 07:02:53 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/08/04 18:28:43 | 000,132,599 | ---- | M] () -- C:\WINDOWS\System32\AdobeFnt.lst
[2010/08/04 06:21:05 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 10:39:01 | 000,001,071 | ---- | M] () -- C:\WINDOWS\AWMODEM.INF
[2010/07/27 18:39:18 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/17 17:02:59 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/07/14 09:20:29 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\South Pass.est
[2010/07/10 11:19:36 | 000,000,178 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/07/07 18:40:53 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Return Address Labels.doc
[2010/07/07 14:44:56 | 000,102,744 | ---- | M] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/07 14:44:30 | 010,829,656 | ---- | M] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/07 14:44:20 | 000,290,648 | ---- | M] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/07/07 14:37:06 | 000,266,828 | ---- | M] () -- C:\WINDOWS\System32\drivers\LVAFT.cfg
[2010/07/07 14:36:30 | 000,090,071 | ---- | M] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/07/07 14:36:16 | 000,037,518 | ---- | M] () -- C:\WINDOWS\System32\Repository.reg
[2010/07/07 06:29:42 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\felinefright_3169436.scr
[2010/07/07 06:25:33 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\hiddentreasure_3262482.scr
[2010/06/29 01:50:41 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/28 14:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 14:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 14:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 14:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 14:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 14:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 14:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 14:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 14:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/22 06:01:29 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Brandi Howard.doc
[2010/06/17 09:24:15 | 000,000,211 | ---- | M] () -- C:\zBoot.bak
[2010/06/12 06:45:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/10 16:05:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\BIPORT
[2010/06/03 14:42:11 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\serenity_3262480.scr
[2010/06/03 06:42:03 | 000,105,199 | ---- | M] () -- C:\WINDOWS\HPFins09.dat
[2010/06/03 06:39:40 | 000,000,171 | ---- | M] () -- C:\WINDOWS\System32\AddPort.ini
[2010/06/03 06:39:36 | 000,000,769 | ---- | M] () -- C:\WINDOWS\hpntwksetup.ini
[2010/06/02 16:24:02 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/05/28 18:20:35 | 000,019,497 | ---- | M] () -- C:\WINDOWS\hpqins13.dat
[2010/05/27 06:00:23 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/25 17:35:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\rx_image32.Cache
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/17 06:48:59 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/08/16 06:10:27 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ machine.doc
[2010/08/15 06:34:42 | 000,015,596 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\NEWEXPORT.lst
[2010/08/15 06:31:53 | 000,700,416 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\JDH.paf
[2010/08/14 08:37:24 | 017,767,750 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\14.reg
[2010/08/13 16:07:52 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/08/11 19:03:17 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\My machine.doc
[2010/08/10 18:53:06 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2010/08/10 18:53:06 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/08/09 07:02:52 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/08/09 07:02:50 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/28 10:39:01 | 000,001,071 | ---- | C] () -- C:\WINDOWS\AWMODEM.INF
[2010/07/27 18:39:12 | 000,000,535 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/27 18:39:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/07/27 18:39:10 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\fxscount.h
[2010/07/14 09:20:29 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\South Pass.est
[2010/07/07 18:40:53 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Return Address Labels.doc
[2010/07/07 14:44:56 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/07 14:44:30 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/07 14:44:20 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/07/04 14:25:35 | 000,000,211 | ---- | C] () -- C:\zBoot.bak
[2010/07/04 14:25:33 | 000,260,272 | ---- | C] () -- C:\zcmldr
[2010/07/04 14:22:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/04 14:22:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/04 14:22:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/04 14:22:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/04 14:22:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/28 06:25:23 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/06/22 06:01:28 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Brandi Howard.doc
[2010/06/12 11:49:39 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2010/06/12 11:49:39 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2010/06/03 06:39:23 | 000,000,769 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/06/03 06:37:44 | 000,105,199 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2010/06/03 06:37:44 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2010/06/02 16:24:02 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/06/01 10:21:44 | 005,767,168 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/05/28 18:19:21 | 000,019,497 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/05/28 15:00:57 | 000,001,966 | ---- | C] () -- C:\WINDOWS\System\DVA.386
[2010/05/26 19:15:13 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/05/26 08:05:49 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\UPDATE.INI
[2010/05/26 06:01:09 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2010/05/25 17:43:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BIPORT
[2010/05/25 17:35:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\rx_image32.Cache
[2010/05/11 15:03:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/05/08 10:39:55 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\gmsblist.dll
[2010/05/08 09:34:30 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2010/05/08 09:34:29 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2010/05/08 09:34:29 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2010/05/08 09:34:29 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2010/05/08 09:34:25 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010/05/08 09:13:00 | 000,005,102 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/05/08 09:03:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/08 06:36:34 | 000,000,048 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2010/05/08 06:16:26 | 000,000,131 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/05/08 06:16:15 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\gr6rlzay.dll
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/05/07 15:52:32 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2010/05/07 15:38:13 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2010/05/07 14:00:04 | 000,000,068 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2010/05/07 12:06:47 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/05/07 12:06:45 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/05/07 12:04:37 | 000,015,595 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/05/07 11:39:23 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2010/05/07 11:39:18 | 000,001,042 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/05/07 11:39:18 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2010/05/07 11:39:15 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2010/05/07 11:39:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2010/05/07 11:39:15 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2010/05/07 11:39:09 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2010/05/07 11:31:57 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2010/05/07 11:31:57 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/07 11:24:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/07 10:41:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/05/07 10:22:34 | 000,000,178 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/05/06 22:05:07 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 18:44:00 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2009/04/30 22:39:36 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/16 13:47:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/08/12 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1999/08/12 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999/08/12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1999/08/12 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/05/06 18:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/05 11:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/08/11 09:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/05/07 15:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2010/05/08 10:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/05/07 16:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2010/05/08 11:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/08/11 06:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/07/07 06:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screentime
[2010/08/06 11:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/06/12 06:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/06/16 06:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
[2010/08/17 10:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/07 11:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/08/14 06:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Application Updater
[2010/05/08 15:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2010/08/15 19:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DMCache
[2010/05/11 18:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2010/05/07 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2010/05/07 11:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Genie-soft
[2010/08/03 10:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IDM
[2010/06/03 06:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2010/05/07 05:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/08/17 11:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MailWasherPro
[2010/05/08 11:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2010/06/28 06:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdfforge
[2010/08/05 15:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
[2010/06/28 06:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2010/06/16 06:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Softland
[2010/08/09 19:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/05/07 06:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2010/08/05 18:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart
[2010/08/05 15:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Manager
[2010/08/15 08:09:45 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\GBM - Weekly-Full.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: IASTOR.SYS >
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\dell\drivers\Storage manager\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/05/06 12:03:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/06 12:03:40 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/06 12:03:40 | 000,937,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:631CA307
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D3D740E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
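
The "MD5 for:" sections of the OTL log above list every copy OTL could find of a few core system files (the live copy plus the dllcache and ERDNT cache backups), so that a helper can spot a live file whose hash no longer matches its backups. The following is an added example, not part of the original post and not OTL's own code: it parses those lines and flags such a mismatch. CLEAN_LOG is taken from the log above; TAMPERED_LOG is a constructed variant whose live atapi.sys hash is replaced with an all-zero placeholder.

```python
import re
from collections import defaultdict, namedtuple

# One parsed entry from an OTL "MD5 for:" section.
Copy = namedtuple("Copy", "path md5 size company")

# Section header, e.g. "< MD5 for: ATAPI.SYS >".
SECTION_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>\s*$")

# Entry line: "[stamp | size | attrs | M] (Company) MD5=<hex> -- <path>".
# Entries without an MD5 (the sp3.cab reference) do not match and are skipped.
OTL_MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)


def parse_md5_sections(text):
    """Return {filename(lower): [Copy, ...]} for every "MD5 for:" section."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        header = SECTION_HEADER.match(line)
        if header:
            current = header.group("name").lower()
            continue
        if line.startswith("<"):  # any other "< ... >" scan header ends the section
            current = None
            continue
        entry = OTL_MD5_LINE.match(line) if current else None
        if entry:
            sections[current].append(Copy(
                entry.group("path"), entry.group("md5").upper(),
                int(entry.group("size").replace(",", "")), entry.group("company")))
    return dict(sections)


def is_reference(path):
    """Backup copies OTL includes for comparison: dllcache and the ERDNT cache."""
    p = path.lower()
    return "\\dllcache\\" in p or "\\erdnt\\" in p


def check_against_backups(sections):
    """Compare each live copy with the backup copies of the same file.

    Returns (mismatches, unverified): mismatches maps filename -> list of
    (live_path, live_md5, sorted_reference_md5s) for live copies whose hash is
    not among the backups; unverified lists files that have no backup copy, so
    nothing on the machine can vouch for them.
    """
    mismatches, unverified = {}, []
    for name, copies in sections.items():
        refs = {c.md5 for c in copies if is_reference(c.path)}
        # ReinstallBackups hold older driver versions and may legitimately differ.
        live = [c for c in copies
                if not is_reference(c.path) and "\\reinstallbackups\\" not in c.path.lower()]
        if not refs:
            unverified.append(name)
            continue
        bad = [(c.path, c.md5, sorted(refs)) for c in live if c.md5 not in refs]
        if bad:
            mismatches[name] = bad
    return mismatches, unverified


# Sample input taken from the OTL log above (three copies of atapi.sys, two of eventlog.dll).
CLEAN_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\System32\config\*.sav >
[2010/05/06 12:03:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
"""

# Constructed variant: the live driver's hash is replaced by an all-zero placeholder
# (not a real hash) to show what a modified system file looks like in this check.
LIVE_ATAPI = r"C:\WINDOWS\system32\drivers\atapi.sys"
PLACEHOLDER_MD5 = "0" * 32
TAMPERED_LOG = CLEAN_LOG.replace(
    "MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- " + LIVE_ATAPI,
    "MD5=" + PLACEHOLDER_MD5 + " -- " + LIVE_ATAPI)


if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("tampered", TAMPERED_LOG)):
        mismatches, unverified = check_against_backups(parse_md5_sections(log))
        print(label, "mismatches:", mismatches, "unverified:", unverified)
```

A file with no backup copy (iastor.sys in the log above has only the Dell driver folder copy) lands in the unverified list rather than being silently passed.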

#8 Broni Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2

    Malware Annihilator

  • 24,345 posts
  • Joined: October 04, 2004
  • 1,748 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 01:01 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Online
  • Time Online: 40d 22h 16m 35s

Posted 17 August 2010 - 09:08 PM

You did fine :)
You ran OTL before; that's why it didn't give you a 2nd log.
Let's see what you got there...

#9 Broni Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2


Posted 17 August 2010 - 09:13 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
    @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:631CA307
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D3D740E
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

============================================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#10 jdhoward Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2


Posted 18 August 2010 - 04:32 AM

OK, good news.
Kaspersky found no threats.
Here are the logs:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 17, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, August 17, 2010 21:53:37
Records in database: 4137160
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 213507
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:15:47

No threats found. Scanned area is clean.

Selected area has been scanned.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Documents and Settings\Owner\My Documents\~WRL2072.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:631CA307 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0D3D740E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 127236807 bytes
->Temporary Internet Files folder emptied: 103039533 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52149507 bytes
->Flash cache emptied: 637 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 91521375 bytes

Total Files Cleaned = 357.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08172010_181547

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_208.dat not found!

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 21
Adobe Flash Player 10.0.45.2
Mozilla Firefox (3.6.3) Firefox Out of Date!
Mozilla Thunderbird (3.1.) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
FireTrust MailWasher Pro MailWasher.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


I really appreciate your help, Broni

#11 Broni Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2


Posted 18 August 2010 - 04:40 AM

You're welcome :)

Please update Firefox and Thunderbird.
Everything else looks good :)

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

===============================================================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...ning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. Run defrag at your convenience.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html

13. Please let me know how your computer is doing.

#12 jdhoward Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2


Posted 18 August 2010 - 12:23 PM

Broni,
Everything is beautiful.
I can't thank you enough.
JD

#13 Broni Re: [RESOLVED] Bancos IXQ and System Surveillance Pro 4.2


Posted 18 August 2010 - 08:46 PM

Way to go!!
Good luck and stay safe :)




