[RESOLVED] Friends old Win XP Gateway laptop madbly infected

Started By ProblemsRBad, Jul 07 2011 01:52 PM

You cannot start a new topic
You cannot reply to this topic

15 replies to this topic

#1 ProblemsRBad

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 08:16 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 07 July 2011 - 01:52 PM

My friend dropped off his Win XP laptop to me the other night. I did the preliminary scans for you. DDs is the only one that would not scan, but just open a note pad and fill with gibberish computer language. Malwarebytes found 108 infections.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7025

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/5/2011 12:28:42 AM
mbam-log-2011-07-05 (00-28-42).txt

Scan type: Quick scan
Objects scanned: 164411
Time elapsed: 14 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 10
Registry Data Items Infected: 1
Folders Infected: 13
Files Infected: 80

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\qnpn7rjv93lf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0.8634735588959972 (Trojan.FakeAlert) -> Value: 0.8634735588959972 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\0.8634735588959972 (Trojan.FakeAlert) -> Value: 0.8634735588959972 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QuickTimeResourcesQuickTimeResources (Trojan.FakeAlert) -> Value: QuickTimeResourcesQuickTimeResources -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QuickTimeQuickTime (Trojan.FakeAlert) -> Value: QuickTimeQuickTime -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\QuickTimeQuickTimeResources7.6 (Trojan.FakeAlert) -> Value: QuickTimeQuickTimeResources7.6 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qmkurpaw (Trojan.FakeAV.Gen) -> Value: qmkurpaw -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nbrupruvfmf0 (Trojan.FakeAlert) -> Value: nbrupruvfmf0 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus 2010 (Rogue.AntiVirus) -> Value: AntiVirus 2010 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SecurityCenter (Rogue.AntiVirus2010) -> Value: SecurityCenter -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Owner\application data\antivirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\2 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\refog free keylogger (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\antivirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Owner\local settings\Temp\0.8634735588959972.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\quicktime\propertypanels\panelhelperbase.resources\en.lproj\quicktimeresourcesquicktime.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\quicktime\QTSystem\quicktime.resources\ko.lproj\quicktimequicktime.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\quicktime\QTSystem\quicktimeimage.resources\ko.lproj\quicktimeresourcesquicktimeresources.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\iqroqlsxd\bcpfnmyaffm.exe (Trojan.FakeAV.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\antivirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\Temp\m.24c.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\antivirus 2010\antivirus_studio_2010.exe (Rogue.AntiVirus) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\antivirus 2010\securitycenter.exe (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\antivirus 2010\securityhelper.exe (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\antivirus 2010\taskmgr.dll (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\1\i40124_1843928935 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\1\i40124_3420363079 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\2\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\2\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\refog free keylogger\get discount!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\refog free keylogger\order now!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\refog free keylogger\refog free keylogger on the web.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\refog free keylogger\refog free keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\MPK\refog free keylogger\uninstall refog free keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\antivirus 2010\activate antivirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\antivirus 2010\antivirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\antivirus 2010\help antivirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\start menu\Programs\antivirus 2010\how to activate antivirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\French.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\German.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Mpk.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\MPK.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Mpk64.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\MPK64.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Romanian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Spanish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\sqlite3.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Images\english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Images\german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Images\russian.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.

==============================================================================================================================================

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-05 01:25:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 IC25N060ATMR04-0 rev.MO3OAD4A
Running: 5et0gqx0.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\axlyqpog.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF776987E]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateKey [0xF759DC7E]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwEnumerateValueKey [0xF759DFF6]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwOpenKey [0xF759DA18]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwQueryKey [0xF759E0C0]
SSDT sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ZwQueryValueKey [0xF759DF58]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7769BFE]

Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile [0xEEA3E78A]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess [0xEEA3E738]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcessEx [0xEEA3E74C]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteKey [0xEEA3E839]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteValueKey [0xEEA3E865]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection [0xEEA3E7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwNotifyChangeKey [0xEEA3E8FD]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenProcess [0xEEA3E710]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenThread [0xEEA3E724]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory [0xEEA3E79E]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwQueryMultipleValueKey [0xEEA3E8A7]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRenameKey [0xEEA3E84F]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwReplaceKey [0xEEA3E925]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRestoreKey [0xEEA3E911]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetContextThread [0xEEA3E776]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetInformationProcess [0xEEA3E762]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwTerminateProcess [0xEEA3E7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnloadKey [0xEEA3E8E7]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection [0xEEA3E7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution [0xEEA3E7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 19A 804E49F4 2 Bytes [F6, DF] {NEG BH}
.text ntoskrnl.exe!ZwYieldExecution 80515AB2 7 Bytes JMP EEA3E7B8 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtCreateFile 80573DFB 5 Bytes JMP EEA3E78E \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtSetInformationProcess 80574B1F 5 Bytes JMP EEA3E766 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A401 5 Bytes JMP EEA3E7E4 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtMapViewOfSection 8057A879 7 Bytes JMP EEA3E7CE \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 8057F1C3 7 Bytes JMP EEA3E7A2 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtOpenProcess 8057F592 5 Bytes JMP EEA3E714 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtOpenThread 80584849 5 Bytes JMP EEA3E728 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwCreateProcessEx 8059056D 7 Bytes JMP EEA3E750 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwTerminateProcess 80593435 5 Bytes JMP EEA3E7FD \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwDeleteValueKey 805983A2 7 Bytes JMP EEA3E869 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwDeleteKey 80599783 7 Bytes JMP EEA3E83D \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwCreateProcess 805B62C0 5 Bytes JMP EEA3E73C \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwNotifyChangeKey 805E2166 5 Bytes JMP EEA3E901 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwSetContextThread 80635C83 5 Bytes JMP EEA3E77A \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwUnloadKey 806550EA 7 Bytes JMP EEA3E8EB \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 80655A23 7 Bytes JMP EEA3E8AB \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwRenameKey 80655EA2 7 Bytes JMP EEA3E853 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwRestoreKey 80656395 5 Bytes JMP EEA3E915 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwReplaceKey 806567FE 5 Bytes JMP EEA3E929 \SystemRoot\system32\drivers\mfehidk.sys
? ffhqtfye.sys The system cannot find the file specified. !
? C:\WINDOWS\System32\Drivers\Mpfp.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\drivers\mfehidk.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00FB9
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C000A4
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00093
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C0006C
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C0004A
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C000EE
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00FA8
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C00F66
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C00F77
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C00F55
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C0005B
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C000D3
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C00FDE
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C000FF
.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FB9
.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660051
.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00660FD4
.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660036
.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00660025
.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660F9E
.text C:\WINDOWS\system32\svchost.exe[616] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650FB2
.text C:\WINDOWS\system32\svchost.exe[616] msvcrt.dll!system 77C293C7 5 Bytes JMP 0065003D
.text C:\WINDOWS\system32\svchost.exe[616] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650018
.text C:\WINDOWS\system32\svchost.exe[616] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[616] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FC3
.text C:\WINDOWS\system32\svchost.exe[616] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650FDE
.text C:\WINDOWS\system32\svchost.exe[616] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[616] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00630025
.text C:\WINDOWS\system32\svchost.exe[616] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00630036
.text C:\WINDOWS\system32\svchost.exe[616] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00630047
.text C:\WINDOWS\system32\svchost.exe[616] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00640000
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D70000
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D70F77
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D70F88
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D70FAF
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D70FC0
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D7003D
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D70F4B
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D70093
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D700D3
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D70F30
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D70F1F
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70062
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D70FE5
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D70F66
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D7002C
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D7001B
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D700B8
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D6002C
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D60F80
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D6001B
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D60FE5
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D60047
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D6000A
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D60FAF
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F6, 88]
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D60FC0
.text C:\WINDOWS\Explorer.EXE[620] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D00027
.text C:\WINDOWS\Explorer.EXE[620] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00FA6
.text C:\WINDOWS\Explorer.EXE[620] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00FD2
.text C:\WINDOWS\Explorer.EXE[620] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\Explorer.EXE[620] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D00FC1
.text C:\WINDOWS\Explorer.EXE[620] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D0000C
.text C:\WINDOWS\Explorer.EXE[620] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\Explorer.EXE[620] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\Explorer.EXE[620] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C9000A
.text C:\WINDOWS\Explorer.EXE[620] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00C90FB9
.text C:\WINDOWS\Explorer.EXE[620] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AA0F3A
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AA002F
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AA0F4B
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AA0F72
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AA0014
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AA0F13
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AA005B
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AA0091
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AA0080
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AA00A2
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AA0F83
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AA0FDE
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AA004A
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AA0FA8
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AA0FC3
.text C:\WINDOWS\system32\svchost.exe[684] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AA0EF8
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A90F72
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A90FB9
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A90FD4
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A9002F
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A90F83
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C9, 88]
.text C:\WINDOWS\system32\svchost.exe[684] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A90F9E
.text C:\WINDOWS\system32\svchost.exe[684] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A80FAB
.text C:\WINDOWS\system32\svchost.exe[684] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A80FBC
.text C:\WINDOWS\system32\svchost.exe[684] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A80011
.text C:\WINDOWS\system32\svchost.exe[684] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\svchost.exe[684] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A8002C
.text C:\WINDOWS\system32\svchost.exe[684] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A80FE3
.text C:\WINDOWS\system32\svchost.exe[684] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A70FEF
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02EC0FEF
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02EC0F79
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02EC006E
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02EC0051
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02EC0036
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02EC0025
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02EC007F
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02EC0F43
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02EC00AB
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02EC0F12
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02EC0EF7
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02EC0F9E
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02EC0FD4
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02EC0F5E
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02EC0014
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02EC0FC3
.text C:\WINDOWS\System32\svchost.exe[940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02EC009A
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02EB002C
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02EB0F83
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02EB0FE5
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02EB0011
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02EB0F94
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02EB0000
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02EB0FA5
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0B, 8B]
.text C:\WINDOWS\System32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02EB0FB6
.text C:\WINDOWS\System32\svchost.exe[940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01FC0047
.text C:\WINDOWS\System32\svchost.exe[940] msvcrt.dll!system 77C293C7 5 Bytes JMP 01FC0FBC
.text C:\WINDOWS\System32\svchost.exe[940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01FC0FCD
.text C:\WINDOWS\System32\svchost.exe[940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01FC0FEF
.text C:\WINDOWS\System32\svchost.exe[940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01FC002C
.text C:\WINDOWS\System32\svchost.exe[940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01FC0FDE
.text C:\WINDOWS\System32\svchost.exe[940] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01FB0FEF
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01FA0FE5
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01FA0FD4
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01FA0FC3
.text C:\WINDOWS\System32\svchost.exe[940] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 01FA0FB2
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00790000
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0079008C
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0079007B
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF5 3 Bytes JMP 00790F97
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW + 4 7C801AF9 1 Byte [83]
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00790FA8
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00790040
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007900B3
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00790F6B
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007900F0
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007900DF
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00790F3C
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00790FB9
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00790FE5
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00790F7C
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00790FD4
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00790025
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007900C4
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0078002C
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00780058
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0078001B
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0078000A
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00780047
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00780FE5
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00780FA5
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [98, 88]
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00780FC0
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0077004A
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!system 77C293C7 5 Bytes JMP 00770FB5
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00770FC6
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00770FEF
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0077001B
.text C:\WINDOWS\system32\svchost.exe[1024] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00770000
.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0076000A
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F92
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070FAD
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070087
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070FDB
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070F50
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000700A2
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700CE
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700BD
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00070F1A
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070062
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00070F77
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[1424] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070F3F
.text C:\WINDOWS\system32\services.exe[1424] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[1424] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060080
.text C:\WINDOWS\system32\services.exe[1424] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006001E
.text C:\WINDOWS\system32\services.exe[1424] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\services.exe[1424] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060FC3
.text C:\WINDOWS\system32\services.exe[1424] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[1424] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0006006F
.text C:\WINDOWS\system32\services.exe[1424] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0006004A
.text C:\WINDOWS\system32\services.exe[1424] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FBE
.text C:\WINDOWS\system32\services.exe[1424] msvcrt.dll!system 77C293C7 5 Bytes JMP 00050049
.text C:\WINDOWS\system32\services.exe[1424] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00050FE3
.text C:\WINDOWS\system32\services.exe[1424] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[1424] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0005002E
.text C:\WINDOWS\system32\services.exe[1424] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0005001D
.text C:\WINDOWS\system32\services.exe[1424] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040FEF
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C4004A
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C40F55
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C4002F
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C40F72
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C40F9E
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C40F0C
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C40F29
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C40080
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C40EE7
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C40091
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C40F83
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C40FD4
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C40F3A
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C40FAF
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C40000
.text C:\WINDOWS\system32\lsass.exe[1436] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C40065
.text C:\WINDOWS\system32\lsass.exe[1436] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C30FD4
.text C:\WINDOWS\system32\lsass.exe[1436] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C30F8D
.text C:\WINDOWS\system32\lsass.exe[1436] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C30025
.text C:\WINDOWS\system32\lsass.exe[1436] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\lsass.exe[1436] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C30FA8
.text C:\WINDOWS\system32\lsass.exe[1436] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\lsass.exe[1436] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C30FB9
.text C:\WINDOWS\system32\lsass.exe[1436] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E3, 88] {JECXZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\lsass.exe[1436] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C30036
.text C:\WINDOWS\system32\lsass.exe[1436] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C20F90
.text C:\WINDOWS\system32\lsass.exe[1436] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C20FA1
.text C:\WINDOWS\system32\lsass.exe[1436] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C20FBC
.text C:\WINDOWS\system32\lsass.exe[1436] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\lsass.exe[1436] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C20011
.text C:\WINDOWS\system32\lsass.exe[1436] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\lsass.exe[1436] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B2007D
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B20062
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B20051
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B20F94
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B2002C
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B200C6
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B200AB
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B20F3E
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B20F59
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B20F23
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B20FA5
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B20FDB
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B2008E
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B20FC0
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B20011
.text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B200D7
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B10040
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B10087
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B1001B
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B10076
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B10FD4
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D1, 88]
.text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B1005B
.text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B00F6E
.text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B00F7F
.text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B00FB5
.text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B00F90
.text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B00FC6
.text C:\WINDOWS\system32\svchost.exe[1596] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AF0FEF
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0000
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0F77
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0F88
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA0FA5
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0FB6
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0047
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA00A2
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F50
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA0F24
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA0F3F
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA00D8
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0058
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA0011
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0087
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0FDB
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA002C
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA00B3
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C90FAF
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C9006C
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C90FCA
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C90000
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C90051
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90FE5
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C90036
.text C:\WINDOWS\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C90025
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80070
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C8005F
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C80044
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C8000C
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\svchost.exe[1660] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C80029
.text C:\WINDOWS\system32\svchost.exe[1660] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C7000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SPTD5309.SYS[ntoskrnl.exe!IoConnectInterrupt] [F75A6E06] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\System32\Drivers\SPTD5309.SYS[ntoskrnl.exe!IofCompleteRequest] [F75BBC76] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F75A6DB2] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75BC71E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F75A73B2] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F75A72B6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F75A7482] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75BC032] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F75A6F6E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F75BBC76] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F75A6E06] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7599A32] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7599B6E] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7599AF6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F759A6CC] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F759A5A2] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75BC864] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F75ABF78] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F75BBC76] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F75BBC82] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75BC864] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F7599020] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F7599020] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85FD4350

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys

Device \FileSystem\Fastfat \FatCdrom 85CD00E8

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys

Device \Driver\prodrv06 \Device\ProDrv06 E1E59878
Device \Driver\Ftdisk \Device\HarddiskVolume1 85F880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 85F880E8
Device \Driver\Cdrom \Device\CdRom0 85F885D0
Device \FileSystem\Rdbss \Device\FsWrap 85CDC988
Device \Driver\atapi \Device\Ide\IdePort0 [F74DDB40] atapi.sys[unknown section] {MOV EAX, 0x85f88b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf75ae442; RET }
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F74DDB40] atapi.sys[unknown section] {MOV EAX, 0x85f88b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf75ae442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [F74DDB40] atapi.sys[unknown section] {MOV EAX, 0x85f88b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf75ae442; RET }
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F74DDB40] atapi.sys[unknown section] {MOV EAX, 0x85f88b98; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf75ae442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBT_Tcpip_{6DFC9B56-2255-4427-A280-C3E8646B20EF} 85F88EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{5202DEE2-1569-4EA6-BE3C-20BB208D8B2F} 85F88EB0
Device \Driver\prohlp02 \Device\ProHlp02 E1A23838
Device \Driver\NetBT \Device\NetBt_Wins_Export 85F88EB0
Device \Driver\NetBT \Device\NetbiosSmb 85F88EB0

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys

Device \Driver\Disk \Device\Harddisk0\DR0 85FD4608

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85B200E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85B200E8
Device \FileSystem\Npfs \Device\NamedPipe 85F88A40
Device \Driver\Ftdisk \Device\FtControl 85F880E8
Device \FileSystem\Msfs \Device\Mailslot 85F88808
Device \Driver\NetBT \Device\NetBT_Tcpip_{43775853-67DC-470D-86F3-2BA459345925} 85F88EB0
Device \FileSystem\Fastfat \Fat 85CD00E8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys

Device \FileSystem\Cdfs \Cdfs 85E76930

---- Threads - GMER 1.0.15 ----

Thread System [4:296] EDC59D65
Thread System [4:320] EDC59D74
Thread System [4:304] EDC59D74
Thread System [4:316] EDC59D74
Thread System [4:348] EDC59D74
Thread System [4:344] EDC59D74
Thread System [4:376] EDC59D74
Thread System [4:372] EDC59D74

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -494347310
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -450295572
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -241382869
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0xA1 0x40 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0xA1 0x40 0x57 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC5 0xA1 0x40 0x57 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----

=============================================================================================================================================

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-07 09:18:19
-----------------------------
09:18:19.031 OS Version: Windows 5.1.2600 Service Pack 3
09:18:19.031 Number of processors: 2 586 0x401
09:18:19.031 ComputerName: MXF-M930916G UserName: Owner
09:18:22.234 Initialize success
09:18:24.750 AVAST engine defs: 11070700
09:18:27.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:18:27.640 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3
09:18:27.640 Disk 0 MBR read error 0
09:18:27.640 Disk 0 MBR scan
09:18:27.718 Disk 0 unknown MBR code
09:18:27.718 MBR BIOS signature not found 0
09:18:27.734 Disk 0 scanning sectors +117194175
09:18:27.734 Disk 0 scanning C:\WINDOWS\system32\drivers
09:18:48.828 Service scanning
09:18:51.531 Disk 0 trace - called modules:
09:18:51.562 ntoskrnl.exe >>UNKNOWN [0x85f87a40]<<
09:18:51.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f5d030]
09:18:51.578 \Driver\Disk[0x85f145d8] -> IRP_MJ_CREATE -> 0x85f87a40
09:18:51.828 AVAST engine scan C:\WINDOWS
09:19:15.718 AVAST engine scan C:\Documents and Settings\Owner
09:19:15.875 AVAST engine scan C:\Documents and Settings\All Users
09:19:15.890 Scan finished successfully
09:22:35.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
09:22:35.750 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Back to top

#2 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 06:16 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 9h 20m 43s

Posted 07 July 2011 - 11:47 PM

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================================================

Download TDSSKiller and save it to your desktop.

Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Back to top

#3 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 08:16 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 08 July 2011 - 02:56 AM

I ran it twice, sorry about that.

2011/07/07 22:54:44.0843 3916 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/07 22:54:46.0859 3916 ================================================================================
2011/07/07 22:54:46.0859 3916 SystemInfo:
2011/07/07 22:54:46.0859 3916
2011/07/07 22:54:46.0859 3916 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/07 22:54:46.0859 3916 Product type: Workstation
2011/07/07 22:54:46.0859 3916 ComputerName: MXF-M930916G
2011/07/07 22:54:46.0859 3916 UserName: Owner
2011/07/07 22:54:46.0859 3916 Windows directory: C:\WINDOWS
2011/07/07 22:54:46.0859 3916 System windows directory: C:\WINDOWS
2011/07/07 22:54:46.0859 3916 Processor architecture: Intel x86
2011/07/07 22:54:46.0859 3916 Number of processors: 2
2011/07/07 22:54:46.0859 3916 Page size: 0x1000
2011/07/07 22:54:46.0859 3916 Boot type: Normal boot
2011/07/07 22:54:46.0859 3916 ================================================================================
2011/07/07 22:54:52.0203 3916 Initialize success
2011/07/07 22:55:05.0453 4024 ================================================================================
2011/07/07 22:55:05.0453 4024 Scan started
2011/07/07 22:55:05.0453 4024 Mode: Manual;
2011/07/07 22:55:05.0453 4024 ================================================================================
2011/07/07 22:55:07.0812 4024 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/07/07 22:55:07.0906 4024 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/07 22:55:08.0015 4024 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/07 22:55:08.0109 4024 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/07 22:55:08.0140 4024 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/07/07 22:55:08.0218 4024 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/07 22:55:08.0296 4024 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/07/07 22:55:08.0328 4024 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/07 22:55:08.0375 4024 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/07/07 22:55:08.0406 4024 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/07/07 22:55:08.0468 4024 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/07/07 22:55:08.0546 4024 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/07/07 22:55:08.0656 4024 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/07/07 22:55:08.0687 4024 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/07/07 22:55:08.0734 4024 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/07/07 22:55:08.0765 4024 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/07/07 22:55:08.0843 4024 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/07 22:55:09.0015 4024 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/07/07 22:55:09.0046 4024 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/07/07 22:55:09.0093 4024 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/07/07 22:55:09.0203 4024 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/07/07 22:55:09.0250 4024 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/07/07 22:55:09.0296 4024 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/07/07 22:55:09.0359 4024 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/07/07 22:55:09.0421 4024 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/07/07 22:55:09.0484 4024 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/07/07 22:55:09.0578 4024 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/07 22:55:09.0640 4024 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/07 22:55:09.0859 4024 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/07 22:55:09.0890 4024 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/07 22:55:10.0031 4024 BCM43XX (d87b4e14e890091d8e64fb5c570cf192) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/07/07 22:55:10.0109 4024 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/07/07 22:55:10.0156 4024 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/07 22:55:10.0281 4024 CAMCAUD (631fb586a927969147d706c8e09babb3) C:\WINDOWS\system32\drivers\camcaud.sys
2011/07/07 22:55:10.0375 4024 CAMCHALA (d0331a53dcfd06d9fa33dfe1d4393c2b) C:\WINDOWS\system32\drivers\camchal.sys
2011/07/07 22:55:10.0484 4024 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/07/07 22:55:10.0562 4024 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/07 22:55:10.0640 4024 CBTNDIS5 (181b4a19965024a2afa01fa2102b2a2d) C:\WINDOWS\system32\CBTNDIS5.SYS
2011/07/07 22:55:10.0703 4024 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/07 22:55:10.0734 4024 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/07/07 22:55:10.0781 4024 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/07 22:55:10.0828 4024 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/07 22:55:10.0890 4024 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/07 22:55:10.0968 4024 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/07 22:55:11.0000 4024 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/07/07 22:55:11.0031 4024 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/07 22:55:11.0093 4024 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/07/07 22:55:11.0156 4024 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/07/07 22:55:11.0187 4024 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/07/07 22:55:11.0234 4024 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/07 22:55:11.0328 4024 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/07 22:55:11.0437 4024 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/07 22:55:11.0546 4024 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/07 22:55:11.0640 4024 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/07 22:55:11.0703 4024 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/07/07 22:55:11.0734 4024 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/07 22:55:11.0812 4024 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/07/07 22:55:11.0875 4024 Eacfilt (ef61caabcbc8f7992accec153b9bbf41) C:\WINDOWS\system32\DRIVERS\eacfilt.sys
2011/07/07 22:55:11.0968 4024 EMCFILT (3fb7b6b029db71435101adce5f5e09fc) C:\WINDOWS\System32\Drivers\EMcFilt.sys
2011/07/07 22:55:12.0078 4024 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/07 22:55:12.0140 4024 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/07 22:55:12.0187 4024 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/07 22:55:12.0265 4024 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/07 22:55:12.0406 4024 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/07 22:55:12.0531 4024 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/07 22:55:12.0562 4024 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/07 22:55:12.0625 4024 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/07 22:55:12.0687 4024 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/07 22:55:12.0781 4024 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/07 22:55:12.0812 4024 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/07/07 22:55:12.0890 4024 HSFHWICH (2d9f10d6e7baa20c4526ce6a16444581) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/07/07 22:55:12.0984 4024 HSF_DP (2d566a7f0b4c54b417ac637cb608444b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/07/07 22:55:13.0093 4024 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/07 22:55:13.0359 4024 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/07 22:55:13.0406 4024 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/07/07 22:55:13.0437 4024 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/07 22:55:13.0531 4024 ialm (50d909fdaf6df35b04c6b6a4bcb6d675) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/07 22:55:13.0562 4024 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/07 22:55:13.0625 4024 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/07/07 22:55:13.0671 4024 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/07 22:55:13.0734 4024 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/07 22:55:13.0781 4024 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/07 22:55:13.0843 4024 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/07 22:55:13.0890 4024 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/07 22:55:13.0953 4024 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/07 22:55:14.0000 4024 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/07 22:55:14.0078 4024 IPSECEXT (a663ff4cbe396f919cf1746ccb12481a) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
2011/07/07 22:55:14.0109 4024 IPSECSHM (a663ff4cbe396f919cf1746ccb12481a) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
2011/07/07 22:55:14.0156 4024 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/07 22:55:14.0375 4024 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/07 22:55:14.0437 4024 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/07 22:55:14.0484 4024 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/07 22:55:14.0562 4024 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/07 22:55:14.0718 4024 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/07 22:55:14.0781 4024 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/07 22:55:14.0859 4024 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/07/07 22:55:14.0937 4024 mdmxsdk (b72d7ea394d5f1c5053368783ad7f7ed) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/07 22:55:15.0031 4024 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/07 22:55:15.0078 4024 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/07 22:55:15.0125 4024 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/07 22:55:15.0218 4024 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/07 22:55:15.0265 4024 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/07 22:55:15.0328 4024 MR97310_VGA_DUAL_CAMERA (756631e54f818773653a7afcfa332d0e) C:\WINDOWS\system32\DRIVERS\mr97310v.sys
2011/07/07 22:55:15.0468 4024 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/07/07 22:55:15.0562 4024 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/07 22:55:15.0625 4024 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/07 22:55:15.0984 4024 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/07 22:55:16.0093 4024 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/07 22:55:16.0140 4024 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/07 22:55:16.0187 4024 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/07 22:55:16.0250 4024 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/07 22:55:16.0296 4024 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/07 22:55:16.0328 4024 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/07 22:55:16.0375 4024 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2011/07/07 22:55:16.0437 4024 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/07 22:55:17.0562 4024 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/07 22:55:17.0625 4024 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/07 22:55:17.0687 4024 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/07 22:55:17.0718 4024 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/07 22:55:17.0781 4024 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/07 22:55:17.0828 4024 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/07 22:55:17.0859 4024 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/07 22:55:17.0921 4024 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/07 22:55:18.0015 4024 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/07 22:55:18.0046 4024 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/07 22:55:18.0109 4024 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/07 22:55:18.0171 4024 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/07 22:55:18.0328 4024 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/07 22:55:18.0562 4024 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/07 22:55:18.0640 4024 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/07 22:55:18.0734 4024 odysseyIM3 (dd03bdd1459d1966ee640f63221c175a) C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
2011/07/07 22:55:18.0796 4024 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/07 22:55:18.0875 4024 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/07/07 22:55:18.0953 4024 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/07 22:55:19.0015 4024 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/07 22:55:19.0062 4024 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/07 22:55:19.0109 4024 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/07 22:55:19.0187 4024 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/07 22:55:19.0234 4024 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/07/07 22:55:19.0406 4024 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/07/07 22:55:19.0437 4024 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/07/07 22:55:19.0546 4024 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/07 22:55:19.0640 4024 prodrv06 (5ac2dcbbceb5534bfcd88c2670993f3c) C:\WINDOWS\System32\drivers\prodrv06.sys
2011/07/07 22:55:19.0796 4024 prohlp02 (7a78181cc947cdaa0902e113cfd01e93) C:\WINDOWS\system32\drivers\prohlp02.sys
2011/07/07 22:55:19.0828 4024 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
2011/07/07 22:55:19.0875 4024 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/07 22:55:19.0921 4024 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/07 22:55:19.0968 4024 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/07 22:55:20.0000 4024 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/07/07 22:55:20.0031 4024 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/07/07 22:55:20.0062 4024 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/07/07 22:55:20.0093 4024 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/07/07 22:55:20.0125 4024 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/07/07 22:55:20.0187 4024 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/07 22:55:20.0265 4024 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/07 22:55:20.0312 4024 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/07 22:55:20.0343 4024 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/07 22:55:20.0390 4024 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/07 22:55:20.0437 4024 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/07 22:55:20.0500 4024 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/07 22:55:20.0578 4024 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/07 22:55:20.0765 4024 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/07 22:55:20.0843 4024 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/07/07 22:55:20.0890 4024 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/07/07 22:55:20.0921 4024 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/07/07 22:55:21.0093 4024 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/07 22:55:21.0171 4024 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/07/07 22:55:21.0265 4024 ser2plms (227df2e68510d25462ee80136722374e) C:\WINDOWS\system32\DRIVERS\ser2plms.sys
2011/07/07 22:55:21.0328 4024 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/07 22:55:21.0359 4024 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/07 22:55:21.0468 4024 sfhlp01 (91f99f3e331e24c438819a38a1ad049c) C:\WINDOWS\system32\drivers\sfhlp01.sys
2011/07/07 22:55:21.0515 4024 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/07/07 22:55:21.0609 4024 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/07 22:55:21.0781 4024 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/07 22:55:21.0843 4024 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/07/07 22:55:21.0890 4024 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/07/07 22:55:21.0953 4024 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/07 22:55:22.0109 4024 sptd (6bcb26c019f1907a28bb6ca9aed7935c) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/07 22:55:22.0109 4024 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 6bcb26c019f1907a28bb6ca9aed7935c
2011/07/07 22:55:22.0125 4024 sptd - detected LockedFile.Multi.Generic (1)
2011/07/07 22:55:22.0187 4024 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/07 22:55:22.0250 4024 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/07 22:55:22.0343 4024 StreamDispatcher (3e5aa17e13fba9969d17b5455bde8efd) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
2011/07/07 22:55:22.0390 4024 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/07 22:55:22.0421 4024 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/07 22:55:22.0484 4024 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/07 22:55:22.0546 4024 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/07/07 22:55:22.0593 4024 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/07/07 22:55:22.0656 4024 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/07/07 22:55:22.0703 4024 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/07/07 22:55:22.0765 4024 SynTP (b6396adc5b0aa50e20e7a7169843af59) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/07 22:55:22.0937 4024 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/07 22:55:23.0062 4024 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/07 22:55:23.0109 4024 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/07 22:55:23.0156 4024 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/07 22:55:23.0187 4024 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/07 22:55:23.0296 4024 TNET1130x (146bee1419a7d61660e234be2f09d04e) C:\WINDOWS\system32\DRIVERS\tnet1130x.sys
2011/07/07 22:55:23.0343 4024 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/07 22:55:23.0437 4024 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/07 22:55:23.0531 4024 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/07 22:55:23.0796 4024 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/07 22:55:23.0890 4024 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/07 22:55:23.0968 4024 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/07 22:55:24.0015 4024 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/07 22:55:24.0078 4024 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/07 22:55:24.0109 4024 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/07 22:55:24.0171 4024 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/07 22:55:24.0203 4024 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/07 22:55:24.0250 4024 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/07 22:55:24.0296 4024 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/07 22:55:24.0343 4024 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/07 22:55:24.0421 4024 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/07 22:55:24.0531 4024 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/07 22:55:24.0656 4024 winachsf (88a5f20c6c221e50f01c00d8235db8c4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/07 22:55:24.0953 4024 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/07/07 22:55:25.0031 4024 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/07 22:55:25.0171 4024 {6080A529-897E-4629-A488-ABA0C29B635E} (1a301c3c65a3d119803fbac5ab65897f) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/07/07 22:55:25.0250 4024 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (4afee4b1625d5146b16526e48953d7a6) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/07/07 22:55:25.0312 4024 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
2011/07/07 22:55:25.0359 4024 Boot (0x1200) (41d6326bf94eaaed94effae05d6d1b93) \Device\Harddisk0\DR0\Partition0
2011/07/07 22:55:25.0375 4024 Boot (0x1200) (984b59886d08215ce0fa9a4ceef7782b) \Device\Harddisk0\DR0\Partition1
2011/07/07 22:55:25.0390 4024 ================================================================================
2011/07/07 22:55:25.0390 4024 Scan finished
2011/07/07 22:55:25.0390 4024 ================================================================================
2011/07/07 22:55:25.0421 2160 Detected object count: 1
2011/07/07 22:55:25.0421 2160 Actual detected object count: 1
2011/07/07 22:55:44.0718 2160 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/07 22:55:54.0812 3992 ================================================================================
2011/07/07 22:55:54.0812 3992 Scan started
2011/07/07 22:55:54.0812 3992 Mode: Manual;
2011/07/07 22:55:54.0812 3992 ================================================================================
2011/07/07 22:55:55.0125 3992 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/07/07 22:55:55.0218 3992 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/07 22:55:55.0281 3992 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/07 22:55:55.0328 3992 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/07 22:55:55.0359 3992 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/07/07 22:55:55.0421 3992 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/07 22:55:55.0625 3992 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/07/07 22:55:55.0687 3992 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/07 22:55:55.0718 3992 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/07/07 22:55:55.0765 3992 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/07/07 22:55:55.0812 3992 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/07/07 22:55:55.0875 3992 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/07/07 22:55:55.0921 3992 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/07/07 22:55:55.0953 3992 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/07/07 22:55:55.0984 3992 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/07/07 22:55:56.0015 3992 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/07/07 22:55:56.0078 3992 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/07 22:55:56.0109 3992 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/07/07 22:55:56.0140 3992 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/07/07 22:55:56.0171 3992 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/07/07 22:55:56.0265 3992 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/07/07 22:55:56.0312 3992 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/07/07 22:55:56.0359 3992 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/07/07 22:55:56.0421 3992 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/07/07 22:55:56.0468 3992 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/07/07 22:55:56.0531 3992 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/07/07 22:55:56.0593 3992 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/07 22:55:56.0750 3992 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/07 22:55:56.0828 3992 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/07 22:55:56.0859 3992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/07 22:55:56.0984 3992 BCM43XX (d87b4e14e890091d8e64fb5c570cf192) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/07/07 22:55:57.0078 3992 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/07/07 22:55:57.0109 3992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/07 22:55:57.0250 3992 CAMCAUD (631fb586a927969147d706c8e09babb3) C:\WINDOWS\system32\drivers\camcaud.sys
2011/07/07 22:55:57.0296 3992 CAMCHALA (d0331a53dcfd06d9fa33dfe1d4393c2b) C:\WINDOWS\system32\drivers\camchal.sys
2011/07/07 22:55:57.0328 3992 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/07/07 22:55:57.0359 3992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/07 22:55:57.0421 3992 CBTNDIS5 (181b4a19965024a2afa01fa2102b2a2d) C:\WINDOWS\system32\CBTNDIS5.SYS
2011/07/07 22:55:57.0468 3992 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/07 22:55:57.0609 3992 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/07/07 22:55:57.0640 3992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/07 22:55:57.0671 3992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/07 22:55:57.0734 3992 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/07 22:55:57.0796 3992 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/07 22:55:57.0828 3992 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/07/07 22:55:57.0859 3992 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/07 22:55:57.0921 3992 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/07/07 22:55:57.0984 3992 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/07/07 22:55:58.0015 3992 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/07/07 22:55:58.0078 3992 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/07 22:55:58.0171 3992 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/07 22:55:58.0234 3992 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/07 22:55:58.0281 3992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/07 22:55:58.0343 3992 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/07 22:55:58.0390 3992 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/07/07 22:55:58.0437 3992 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/07 22:55:58.0515 3992 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/07/07 22:55:58.0578 3992 Eacfilt (ef61caabcbc8f7992accec153b9bbf41) C:\WINDOWS\system32\DRIVERS\eacfilt.sys
2011/07/07 22:55:58.0687 3992 EMCFILT (3fb7b6b029db71435101adce5f5e09fc) C:\WINDOWS\System32\Drivers\EMcFilt.sys
2011/07/07 22:55:58.0921 3992 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/07 22:55:58.0968 3992 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/07 22:55:59.0031 3992 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/07 22:55:59.0078 3992 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/07 22:55:59.0140 3992 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/07 22:55:59.0218 3992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/07 22:55:59.0250 3992 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/07 22:55:59.0296 3992 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/07 22:55:59.0359 3992 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/07 22:55:59.0437 3992 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/07 22:55:59.0484 3992 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/07/07 22:55:59.0562 3992 HSFHWICH (2d9f10d6e7baa20c4526ce6a16444581) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/07/07 22:55:59.0656 3992 HSF_DP (2d566a7f0b4c54b417ac637cb608444b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/07/07 22:55:59.0859 3992 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/07 22:55:59.0906 3992 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/07 22:55:59.0953 3992 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/07/07 22:56:00.0000 3992 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/07 22:56:00.0078 3992 ialm (50d909fdaf6df35b04c6b6a4bcb6d675) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/07 22:56:00.0125 3992 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/07 22:56:00.0203 3992 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/07/07 22:56:00.0265 3992 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/07 22:56:00.0343 3992 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/07 22:56:00.0390 3992 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/07 22:56:00.0421 3992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/07 22:56:00.0453 3992 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/07 22:56:00.0515 3992 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/07 22:56:00.0562 3992 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/07 22:56:00.0640 3992 IPSECEXT (a663ff4cbe396f919cf1746ccb12481a) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
2011/07/07 22:56:00.0671 3992 IPSECSHM (a663ff4cbe396f919cf1746ccb12481a) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
2011/07/07 22:56:00.0734 3992 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/07 22:56:00.0890 3992 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/07 22:56:00.0937 3992 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/07 22:56:01.0000 3992 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/07 22:56:01.0046 3992 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/07 22:56:01.0250 3992 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/07 22:56:01.0312 3992 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/07 22:56:01.0390 3992 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/07/07 22:56:01.0468 3992 mdmxsdk (b72d7ea394d5f1c5053368783ad7f7ed) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/07 22:56:01.0578 3992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/07 22:56:01.0625 3992 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/07 22:56:01.0656 3992 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/07 22:56:01.0734 3992 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/07 22:56:01.0796 3992 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/07 22:56:01.0859 3992 MR97310_VGA_DUAL_CAMERA (756631e54f818773653a7afcfa332d0e) C:\WINDOWS\system32\DRIVERS\mr97310v.sys
2011/07/07 22:56:02.0015 3992 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/07/07 22:56:02.0062 3992 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/07 22:56:02.0156 3992 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/07 22:56:02.0203 3992 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/07 22:56:02.0250 3992 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/07 22:56:02.0296 3992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/07 22:56:02.0343 3992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/07 22:56:02.0406 3992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/07 22:56:02.0453 3992 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/07 22:56:02.0500 3992 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/07 22:56:02.0562 3992 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2011/07/07 22:56:02.0625 3992 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/07 22:56:03.0890 3992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/07 22:56:03.0953 3992 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/07 22:56:04.0000 3992 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/07 22:56:04.0046 3992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/07 22:56:04.0109 3992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/07 22:56:04.0140 3992 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/07 22:56:04.0218 3992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/07 22:56:04.0265 3992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/07 22:56:04.0328 3992 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/07 22:56:04.0375 3992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/07 22:56:04.0453 3992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/07 22:56:04.0515 3992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/07 22:56:04.0640 3992 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/07 22:56:04.0828 3992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/07 22:56:04.0875 3992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/07 22:56:04.0953 3992 odysseyIM3 (dd03bdd1459d1966ee640f63221c175a) C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
2011/07/07 22:56:05.0015 3992 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/07 22:56:05.0093 3992 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/07/07 22:56:05.0156 3992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/07 22:56:05.0203 3992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/07 22:56:05.0343 3992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/07 22:56:05.0390 3992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/07 22:56:05.0500 3992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/07 22:56:05.0546 3992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/07/07 22:56:05.0734 3992 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/07/07 22:56:05.0765 3992 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/07/07 22:56:05.0875 3992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/07 22:56:06.0109 3992 prodrv06 (5ac2dcbbceb5534bfcd88c2670993f3c) C:\WINDOWS\System32\drivers\prodrv06.sys
2011/07/07 22:56:06.0140 3992 prohlp02 (7a78181cc947cdaa0902e113cfd01e93) C:\WINDOWS\system32\drivers\prohlp02.sys
2011/07/07 22:56:06.0171 3992 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
2011/07/07 22:56:06.0218 3992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/07 22:56:06.0265 3992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/07 22:56:06.0312 3992 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/07 22:56:06.0343 3992 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/07/07 22:56:06.0390 3992 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/07/07 22:56:06.0437 3992 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/07/07 22:56:06.0484 3992 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/07/07 22:56:06.0531 3992 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/07/07 22:56:06.0593 3992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/07 22:56:06.0671 3992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/07 22:56:06.0734 3992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/07 22:56:06.0750 3992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/07 22:56:06.0812 3992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/07 22:56:06.0859 3992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/07 22:56:06.0921 3992 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/07 22:56:06.0984 3992 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/07 22:56:07.0062 3992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/07 22:56:07.0140 3992 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/07/07 22:56:07.0187 3992 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/07/07 22:56:07.0375 3992 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/07/07 22:56:07.0562 3992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/07 22:56:07.0671 3992 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/07/07 22:56:07.0750 3992 ser2plms (227df2e68510d25462ee80136722374e) C:\WINDOWS\system32\DRIVERS\ser2plms.sys
2011/07/07 22:56:07.0812 3992 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/07 22:56:07.0890 3992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/07 22:56:07.0968 3992 sfhlp01 (91f99f3e331e24c438819a38a1ad049c) C:\WINDOWS\system32\drivers\sfhlp01.sys
2011/07/07 22:56:08.0015 3992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/07/07 22:56:08.0125 3992 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/07 22:56:08.0187 3992 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/07 22:56:08.0250 3992 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/07/07 22:56:08.0296 3992 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/07/07 22:56:08.0328 3992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/07 22:56:08.0453 3992 sptd (6bcb26c019f1907a28bb6ca9aed7935c) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/07 22:56:08.0453 3992 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 6bcb26c019f1907a28bb6ca9aed7935c
2011/07/07 22:56:08.0468 3992 sptd - detected LockedFile.Multi.Generic (1)
2011/07/07 22:56:08.0687 3992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/07 22:56:08.0781 3992 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/07 22:56:08.0875 3992 StreamDispatcher (3e5aa17e13fba9969d17b5455bde8efd) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
2011/07/07 22:56:08.0937 3992 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/07 22:56:08.0968 3992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/07 22:56:09.0046 3992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/07 22:56:09.0109 3992 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/07/07 22:56:09.0156 3992 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/07/07 22:56:09.0187 3992 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/07/07 22:56:09.0234 3992 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/07/07 22:56:09.0312 3992 SynTP (b6396adc5b0aa50e20e7a7169843af59) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/07 22:56:09.0359 3992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/07 22:56:09.0484 3992 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/07 22:56:09.0531 3992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/07 22:56:09.0593 3992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/07 22:56:09.0609 3992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/07 22:56:09.0718 3992 TNET1130x (146bee1419a7d61660e234be2f09d04e) C:\WINDOWS\system32\DRIVERS\tnet1130x.sys
2011/07/07 22:56:09.0906 3992 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/07 22:56:10.0000 3992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/07 22:56:10.0031 3992 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/07 22:56:10.0156 3992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/07 22:56:10.0250 3992 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/07 22:56:10.0312 3992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/07 22:56:10.0359 3992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/07 22:56:10.0437 3992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/07 22:56:10.0468 3992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/07 22:56:10.0531 3992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/07 22:56:10.0578 3992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/07 22:56:10.0609 3992 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/07 22:56:10.0656 3992 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/07 22:56:10.0687 3992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/07 22:56:10.0781 3992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/07 22:56:10.0875 3992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/07 22:56:11.0171 3992 winachsf (88a5f20c6c221e50f01c00d8235db8c4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/07 22:56:11.0359 3992 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/07/07 22:56:11.0421 3992 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/07 22:56:11.0578 3992 {6080A529-897E-4629-A488-ABA0C29B635E} (1a301c3c65a3d119803fbac5ab65897f) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/07/07 22:56:11.0625 3992 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (4afee4b1625d5146b16526e48953d7a6) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/07/07 22:56:11.0671 3992 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
2011/07/07 22:56:11.0703 3992 Boot (0x1200) (41d6326bf94eaaed94effae05d6d1b93) \Device\Harddisk0\DR0\Partition0
2011/07/07 22:56:11.0734 3992 Boot (0x1200) (984b59886d08215ce0fa9a4ceef7782b) \Device\Harddisk0\DR0\Partition1
2011/07/07 22:56:11.0750 3992 ================================================================================
2011/07/07 22:56:11.0750 3992 Scan finished
2011/07/07 22:56:11.0750 3992 ================================================================================
2011/07/07 22:56:11.0781 4000 Detected object count: 1
2011/07/07 22:56:11.0781 4000 Actual detected object count: 1
2011/07/07 22:56:17.0203 4000 LockedFile.Multi.Generic(sptd) - User select action: Skip

Back to top

#4 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 06:16 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 9h 20m 43s

Posted 08 July 2011 - 03:07 AM

That looks clean.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)

Link 2 (zipped file)

Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Back to top

#5 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 08:16 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 08 July 2011 - 03:23 AM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF5F9D000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1110016 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7598000 00000085 851968 bytes
0xF7598000 sptd.sys 851968 bytes
0xF5F04000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 626688 bytes (Conexant Systems, Inc., WinACHSF driver)
0xF73B9000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF073000 C:\WINDOWS\System32\ialmdd5.DLL 503808 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xED9BD000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xEDA9F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5DF4000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEDB84000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xED2CD000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF61D3000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 344064 bytes (Broadcom Corporation, BCM 802.11g Network Adapter wireless driver)
0xEDA55000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xF60F9000 C:\WINDOWS\system32\drivers\camcaud.sys 294912 bytes (Conexant Systems Inc., Conexant WDM AC97 Audio Driver)
0xF6141000 C:\WINDOWS\system32\drivers\camchal.sys 274432 bytes (Conexant Systems Inc., Conexant AmcHal Driver)
0xECF59000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 200704 bytes (Intel Corporation, Component GHAL Driver)
0xF7552000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xED415000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF738C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF748F000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xF61A7000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 180224 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xEDB0F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF60AC000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 167936 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xEDB5C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF5E52000 C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys 151552 bytes (Nortel Networks NA, Inc., Contivity VPN Client Adapter)
0xED971000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF60D5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6227000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6184000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEDB3A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF746F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7504000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEDD00000 C:\WINDOWS\system32\drivers\ialmsbw.sys 122880 bytes (Intel Corporation, Intel Graphics Platform (SoftBIOS) Driver for Windows 2000® & Windows XP™)
0xF7523000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7372000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF74BB000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF74D4000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xED959000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xEDD1E000 C:\WINDOWS\system32\drivers\ialmkchw.sys 98304 bytes (Intel Corporation, Intel Graphics Chipset (KCH) Driver for Windows 2000® & Windows XP™)
0xF74EC000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7580000 C:\WINDOWS\System32\Drivers\SPTD5309.SYS 98304 bytes
0xED69A000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF625F000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 94208 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7446000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5E88000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xED290000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF624B000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEDBDD000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF745D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7541000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5E77000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xED1CD000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7849000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7819000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7799000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7789000 prohlp02.sys 65536 bytes (Protection Technology, StarForce Protection Helper Driver)
0xF72F2000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7869000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF78B9000 C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys 61440 bytes (Funk Software, Inc., Odyssey Intermediate Driver)
0xF7859000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xED67A000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF78F9000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF77A9000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF76E9000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF76B9000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7749000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF6B67000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7322000 C:\WINDOWS\System32\drivers\prodrv06.sys 53248 bytes (Protection Technology, StarForce Protection Environment Driver)
0xF7879000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76A9000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7729000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7719000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7899000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF77B9000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF77E9000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF77C9000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF77D9000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF6B77000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF7312000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7839000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7699000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7889000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7779000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF7689000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF78D9000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7709000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF76D9000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xED36D000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF7769000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF78C9000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7362000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0xED929000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7739000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xED14A000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF6B87000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xED5FA000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF78A9000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7352000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7759000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF76C9000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF76F9000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF7302000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF79A1000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF79E9000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7A59000 C:\WINDOWS\system32\DRIVERS\strmdisp.sys 32768 bytes (Conexant Systems, Inc., Conexant Stream Dispatcher)
0xF7939000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7949000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF7A89000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7921000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF79C1000 C:\WINDOWS\system32\DRIVERS\eacfilt.sys 28672 bytes (Nortel Networks, NDIS Filter Intermediate Driver)
0xF7A29000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7971000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF7909000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7969000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF79C9000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xF7941000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF7A01000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7951000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7959000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF7A91000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7981000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7A81000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF79D9000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF79F1000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF7961000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF7999000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 20480 bytes (GEAR Software Inc., CD DVD Filter)
0xF7931000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF7929000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF79E1000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7911000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF79B1000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF79B9000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7919000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF79A9000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7A09000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7AAD000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF7ABD000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF7AA5000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7AC5000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF7276000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7AA9000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF7AB5000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF7AC1000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xED8A1000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xED851000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7266000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xED849000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7AB1000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF7A9D000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7AB9000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xED89D000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7A99000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7AA1000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF728A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xECE9D000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF723A000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xED56E000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xECDB9000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7272000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7B7D000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B8D000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7BC3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B97000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7B95000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7BCD000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7BC1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B8F000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7B89000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7BC5000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B99000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7B9D000 prosync1.sys 8192 bytes (Protection Technology, StarForce Protection Synchronization Driver)
0xF7BC7000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7BB9000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7B9B000 sfhlp01.sys 8192 bytes (Protection Technology, StarForce Protection Helper Driver)
0xF7BBB000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B91000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7BB7000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B93000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7B8B000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7CD7000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7D54000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7CF7000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C51000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7C52000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xE1EE9008 unknown_irp_handler 4088 bytes
0x85FD50E8 unknown_irp_handler 3864 bytes
0x85F870E8 unknown_irp_handler 3864 bytes
0x85FD60E8 unknown_irp_handler 3864 bytes
0x85F850E8 unknown_irp_handler 3864 bytes
0x85FD70E8 unknown_irp_handler 3864 bytes
0x85B2A0E8 unknown_irp_handler 3864 bytes
0x85AE21E8 unknown_irp_handler 3608 bytes
0x85AE32B8 unknown_irp_handler 3400 bytes
0x85FD6350 unknown_irp_handler 3248 bytes
0x85F863D0 unknown_irp_handler 3120 bytes
0x85FD7450 unknown_irp_handler 2992 bytes
0x85E34470 unknown_irp_handler 2960 bytes
0x85FD54D0 unknown_irp_handler 2864 bytes
0x85F88510 unknown_irp_handler 2800 bytes
0x85AFC5B0 unknown_irp_handler 2640 bytes
0x85F87688 unknown_irp_handler 2424 bytes
0x85FD7708 unknown_irp_handler 2296 bytes
0x85E42818 unknown_irp_handler 2024 bytes
0x857758A8 unknown_irp_handler 1880 bytes
0x85F86940 unknown_irp_handler 1728 bytes
0x85F86BF8 unknown_irp_handler 1032 bytes
0x85F88C38 unknown_irp_handler 968 bytes
0x85F85C78 unknown_irp_handler 904 bytes
0x85FD5C78 unknown_irp_handler 904 bytes
0x85D65DA8 unknown_irp_handler 600 bytes
0xE1A23DC8 unknown_irp_handler 568 bytes
0x85F86EB0 unknown_irp_handler 336 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd5309.sys]

Back to top

#6 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 06:16 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 9h 20m 43s

Posted 08 July 2011 - 03:24 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Back to top

#7 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 08:16 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 08 July 2011 - 04:04 AM

ComboFix 11-07-07.05 - Owner 07/07/2011 23:38:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.214 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\720672f
c:\documents and settings\All Users\Application Data\720672f\18.mof
c:\documents and settings\All Users\Application Data\720672f\BackUp\Last.fm Helper.lnk
c:\documents and settings\All Users\Application Data\720672f\BackUp\OneNote 2007 Screen Clipper and Launcher.lnk
c:\documents and settings\All Users\Application Data\720672f\mozcrt19.dll
c:\documents and settings\All Users\Application Data\720672f\sqlite3.dll
c:\documents and settings\All Users\Application Data\720672f\WES.ico
c:\documents and settings\All Users\Application Data\720672f\WESSys\vd952342.bd
c:\documents and settings\All Users\Application Data\dLhChKi06511
c:\documents and settings\All Users\Application Data\dLhChKi06511\dLhChKi06511
c:\documents and settings\All Users\Application Data\dLhChKi06511\dLhChKi06511.exe
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Local Settings\Application Data\{2E5B9DA7-85C7-4064-97F1-DF1AE18C9248}
c:\documents and settings\Owner\Local Settings\Application Data\{2E5B9DA7-85C7-4064-97F1-DF1AE18C9248}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{2E5B9DA7-85C7-4064-97F1-DF1AE18C9248}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{2E5B9DA7-85C7-4064-97F1-DF1AE18C9248}\chrome\content\c.js
c:\documents and settings\Owner\Local Settings\Application Data\{2E5B9DA7-85C7-4064-97F1-DF1AE18C9248}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{2E5B9DA7-85C7-4064-97F1-DF1AE18C9248}\install.rdf
c:\documents and settings\Owner\WINDOWS
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\wnsapisv.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-07 13:01 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-07 13:01 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-07 13:01 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-07 13:01 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-07 13:01 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-07 13:01 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-07 13:01 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-07 13:01 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-07 13:00 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-07 13:00 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-07 13:00 . 2011-07-07 13:00 -------- d-----w- c:\program files\AVAST Software
2011-07-07 13:00 . 2011-07-07 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-07 12:55 . 2008-04-13 23:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-07 12:55 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-05 03:54 . 2011-07-05 03:54 711728 ----a-w- c:\windows\is-KJGD9.exe
2011-07-05 03:49 . 2011-07-05 05:04 -------- d-----w- C:\Program Installers
2011-06-13 00:53 . 2011-06-13 00:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2009-12-04 03:09 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-12-04 03:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-27 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-27 499712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [2008-2-3 106496]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
2005-07-12 20:35 473928 ----a-w- c:\program files\Microsoft AntiSpyware\gcasServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-07-10 08:13 114688 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-07-10 08:25 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-11 17:52 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
2005-08-24 23:25 101080 ----a-w- c:\program files\Microsoft Location Finder\LocationFinder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-16 13:56 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 06:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKist]
2004-05-27 01:57 139264 ----a-w- c:\program files\Digital Media Reader\shwicon2k.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-10-03 08:41 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Gateway\\HPA\\gwmenu.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/5/2006 2:17 AM 642560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/7/2011 9:01 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2011 9:01 AM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/7/2011 9:01 AM 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/3/2009 11:09 PM 366640]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [9/2/2007 7:34 PM 26137]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/3/2009 11:08 PM 22712]
S2 gupdate1c98a7c3453a439;Google Update Service (gupdate1c98a7c3453a439);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 2:03 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 2:03 AM 133104]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [9/2/2007 7:34 PM 155152]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/3/2009 11:09 PM 39984]
S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;c:\windows\system32\drivers\mr97310v.sys [9/3/2005 1:48 PM 116078]
S3 naecd;naecd;\??\c:\docume~1\Owner\LOCALS~1\Temp\naecd.sys --> c:\docume~1\Owner\LOCALS~1\Temp\naecd.sys [?]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\drivers\TNET1130x.sys [5/19/2005 3:41 PM 385536]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 06:03]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 06:03]
.
2005-05-16 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
2005-05-16 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\simszfvn.default\
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-Cpue - c:\program files\sswp\cruu.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1139505582\ee\AOLSoftware.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
MSConfigStartUp-_AntiSpyware - c:\progra~1\mcafee\mcafee antispyware\masalert.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 23:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3160568925-3770676213-1693977076-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1688)
c:\program files\Funk Software\Odyssey Client\odLogin.dll
.
- - - - - - - > 'explorer.exe'(1608)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-08 00:01:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-08 04:01
.
Pre-Run: 18,046,562,304 bytes free
Post-Run: 18,392,752,128 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5FFF6EB9C9735E87D9FFE1B9C2A121E4

Back to top

#8 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 06:16 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 9h 20m 43s

Posted 08 July 2011 - 04:10 AM

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box
Click OK

Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\is-KJGD9.exe
c:\docume~1\Owner\LOCALS~1\Temp\naecd.sys


DDS::
uInternet Settings,ProxyOverride = <local>


Driver::
naecd

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

Back to top

#9 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 08:16 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 08 July 2011 - 04:41 AM

ComboFix 11-07-07.05 - Owner 07/08/2011 0:18.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.144 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\docume~1\Owner\LOCALS~1\Temp\naecd.sys"
"c:\windows\is-KJGD9.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\is-KJGD9.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NAECD
-------\Service_naecd
.
.
((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-07 13:01 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-07 13:01 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-07 13:01 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-07 13:01 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-07 13:01 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-07 13:01 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-07 13:01 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-07 13:01 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-07 13:00 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-07 13:00 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-07 13:00 . 2011-07-07 13:00 -------- d-----w- c:\program files\AVAST Software
2011-07-07 13:00 . 2011-07-07 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-07 12:55 . 2008-04-13 23:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-07 12:55 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-05 03:49 . 2011-07-05 05:04 -------- d-----w- C:\Program Installers
2011-06-13 00:53 . 2011-06-13 00:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2009-12-04 03:09 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2009-12-04 03:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-08_03.56.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-26 16:12 . 2011-07-08 04:03 79392 c:\windows\system32\perfc009.dat
+ 2004-08-26 16:12 . 2011-07-08 04:03 426746 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-03-27 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-03-27 499712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [2008-2-3 106496]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
2005-07-12 20:35 473928 ----a-w- c:\program files\Microsoft AntiSpyware\gcasServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-07-10 08:13 114688 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-07-10 08:25 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-11 17:52 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Location Finder]
2005-08-24 23:25 101080 ----a-w- c:\program files\Microsoft Location Finder\LocationFinder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-16 13:56 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 06:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKist]
2004-05-27 01:57 139264 ----a-w- c:\program files\Digital Media Reader\shwicon2k.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-10-03 08:41 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Gateway\\HPA\\gwmenu.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/5/2006 2:17 AM 642560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/7/2011 9:01 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/7/2011 9:01 AM 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/7/2011 9:01 AM 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/3/2009 11:09 PM 366640]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [9/2/2007 7:34 PM 26137]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/3/2009 11:08 PM 22712]
S2 gupdate1c98a7c3453a439;Google Update Service (gupdate1c98a7c3453a439);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 2:03 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 2:03 AM 133104]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [9/2/2007 7:34 PM 155152]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/3/2009 11:09 PM 39984]
S3 MR97310_VGA_DUAL_CAMERA;MR97310 VGA Dual Mode Camera;c:\windows\system32\drivers\mr97310v.sys [9/3/2005 1:48 PM 116078]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\drivers\TNET1130x.sys [5/19/2005 3:41 PM 385536]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 06:03]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 06:03]
.
2005-05-16 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
2005-05-16 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.77.134 68.87.72.134
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\simszfvn.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-08 00:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3160568925-3770676213-1693977076-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(364)
c:\program files\Funk Software\Odyssey Client\odLogin.dll
.
- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-08 00:39:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-08 04:39
ComboFix2.txt 2011-07-08 04:01
.
Pre-Run: 18,398,248,960 bytes free
Post-Run: 18,383,532,032 bytes free
.
- - End Of File - - 982D1AB4514120EEA1B69CA7D4EACD69

Back to top

#10 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 06:16 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 9h 20m 43s

Posted 08 July 2011 - 04:47 AM

Looks good now :)

How is computer doing?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Back to top

#11 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 08:16 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 08 July 2011 - 05:04 AM

The system is moving a lot more fast now!

OTL logfile created on: 7/8/2011 12:53:07 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.36 Mb Total Physical Memory | 145.37 Mb Available Physical Memory | 30.33% Memory free
1.10 Gb Paging File | 0.86 Gb Available in Paging File | 78.38% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.15 Gb Total Space | 17.15 Gb Free Space | 32.88% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 1.67 Gb Free Space | 44.89% Space Free | Partition Type: FAT32

Computer Name: MXF-M930916G | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/08 00:50:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/08 17:23:18 | 000,106,496 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFMHelper.exe
PRC - [2005/03/03 13:32:53 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/03/26 21:20:28 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

========== Modules (SafeList) ==========

MOD - [2011/07/08 00:50:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/03/26 21:20:22 | 000,066,048 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2006/04/05 02:49:55 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2005/03/03 13:32:53 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007/04/18 12:55:48 | 000,026,137 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2007/04/18 12:55:30 | 000,155,152 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2007/04/18 12:55:30 | 000,155,152 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2006/04/05 02:20:40 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/04/05 02:17:15 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005/09/02 17:06:35 | 000,042,240 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2005/05/17 16:48:28 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/06/26 05:05:30 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/06/24 14:16:44 | 000,029,856 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMCfilt.sys -- (EMCFILT)
DRV - [2004/03/12 07:26:00 | 000,116,078 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
DRV - [2004/03/10 17:54:32 | 000,385,536 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TNET1130x.sys -- (TNET1130x)
DRV - [2003/09/26 11:26:54 | 000,272,128 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2003/09/26 11:25:06 | 000,291,712 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2003/09/06 09:37:22 | 000,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003/09/06 08:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 08:25:52 | 000,051,744 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/09/06 08:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/07/16 02:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/06/30 14:11:52 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/05/14 16:01:42 | 000,062,673 | R--- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2003/05/01 09:42:08 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/01 09:40:56 | 000,165,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/05/01 09:38:56 | 000,622,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/01 09:37:46 | 001,107,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2163: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 00:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/07 09:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 20:15:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 21:45:47 | 000,000,000 | ---D | M]

[2009/10/25 10:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/02/16 20:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\simszfvn.default\extensions
[2011/07/08 00:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 05:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2011/07/07 09:00:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/03/06 00:04:18 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX

O1 HOSTS File: ([2011/07/08 00:32:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (Last.fm)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.128.128.128
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 00:50:09 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/07/08 00:39:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/07 23:36:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/07 23:29:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/07 23:29:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/07 23:29:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/07 23:29:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/07 23:28:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/07 23:28:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/07 23:28:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/07/07 23:26:27 | 004,136,056 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/07/07 22:45:23 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/07/07 09:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/07/07 09:01:20 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/07 09:01:20 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/07 09:01:15 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/07 09:01:14 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/07 09:01:13 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/07 09:01:12 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/07 09:01:12 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/07 09:01:11 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/07 09:00:30 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/07 09:00:29 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/07 09:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/07 09:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/05 00:07:22 | 000,607,017 | ---- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/07/04 23:57:30 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/04 23:49:13 | 000,000,000 | ---D | C] -- C:\Program Installers
[3 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/08 00:50:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/07/08 00:37:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 00:34:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/08 00:32:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/08 00:32:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 00:31:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/08 00:31:45 | 502,714,368 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/08 00:03:55 | 000,426,746 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/08 00:03:55 | 000,079,392 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/07 23:36:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/07 23:26:41 | 004,136,056 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/07/07 23:19:20 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/07/07 22:46:15 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/07/07 09:22:35 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/07/07 09:01:21 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/07 09:01:12 | 000,002,638 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/05 00:07:03 | 000,607,017 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/07/04 23:57:48 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/04 23:55:52 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\5et0gqx0.exe
[2011/07/04 23:54:18 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-KJGD9.msg
[2011/07/04 23:54:18 | 000,000,360 | ---- | M] () -- C:\WINDOWS\is-KJGD9.lst
[2011/07/04 23:54:17 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/04 23:54:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/22 06:16:44 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[2011/06/09 14:37:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{4279D8BB-6157-49CF-BA58-D37FBB9C48BA}
[2011/06/08 14:37:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{FBFED212-FC76-43EF-A80E-7A322378D27F}
[3 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/07 23:36:49 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/07 23:36:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/07 23:29:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/07 23:29:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/07 23:29:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/07 23:29:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/07 23:29:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/07 23:19:12 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/07/07 09:22:35 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/07/07 09:01:21 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/07/04 23:55:53 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\5et0gqx0.exe
[2011/07/04 23:54:18 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-KJGD9.msg
[2011/07/04 23:54:18 | 000,000,360 | ---- | C] () -- C:\WINDOWS\is-KJGD9.lst
[2011/07/04 23:54:17 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/04 23:54:17 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/09 14:37:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{4279D8BB-6157-49CF-BA58-D37FBB9C48BA}
[2011/06/08 14:37:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\{FBFED212-FC76-43EF-A80E-7A322378D27F}
[2010/04/21 05:02:36 | 000,011,320 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\760y
[2010/04/21 05:02:36 | 000,011,320 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\760y
[2010/03/31 17:05:10 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2010/03/31 17:04:57 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2009/02/25 00:03:43 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2006/06/22 13:36:22 | 000,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2006/06/22 13:26:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/04/05 02:51:21 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/04/05 02:17:15 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd5309.sys
[2006/02/09 13:14:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/09/26 22:18:45 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/09/26 06:10:17 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\windll.ini
[2005/09/25 20:28:28 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/09/25 20:28:14 | 000,003,430 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/09/25 20:25:25 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\hndlt.ini
[2005/09/25 19:30:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/09/25 19:30:10 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/09/25 18:15:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/25 09:28:28 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/09/23 02:12:19 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\msvsd.dll
[2005/09/13 23:18:30 | 000,000,073 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/09/10 20:40:47 | 000,001,662 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/10 20:40:47 | 000,000,539 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2005/09/10 20:40:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/09/06 11:39:21 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/03 14:17:00 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2005/09/03 13:51:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/09/03 13:51:24 | 000,000,567 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2005/09/03 13:49:45 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005/09/03 13:48:36 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2005/09/03 13:48:35 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2005/06/03 20:01:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/05/23 15:58:04 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2005/05/17 16:55:31 | 000,084,644 | R--- | C] () -- C:\WINDOWS\System32\drivers\FwRad17.bin
[2005/05/17 16:55:31 | 000,083,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\FwRad16.bin
[2005/03/03 13:32:56 | 000,471,298 | ---- | C] () -- C:\WINDOWS\wallpg.exe
[2005/03/03 13:30:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/03/03 13:26:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 05:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 14:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 14:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 12:12:43 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,461 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 12:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 12:12:10 | 000,426,746 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 12:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 12:12:10 | 000,079,392 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 12:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 12:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 12:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 12:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 12:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 12:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 12:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 12:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 06:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 06:54:01 | 000,410,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2006/04/05 02:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/07/07 09:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/04/24 02:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2005/09/25 18:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BullGuard
[2008/02/03 18:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2011/02/09 12:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oOpLk06300
[2010/06/16 21:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidTyping
[2010/12/11 14:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ten Thumbs Typing Tutor
[2007/04/02 03:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/09/25 18:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/03/12 23:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2005/03/03 13:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2006/02/09 13:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2005/09/26 22:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2005/09/25 19:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Atari
[2006/04/05 03:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2005/09/25 19:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2005/09/20 01:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Morpheus
[2005/05/30 06:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2010/06/16 21:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RapidTyping
[2009/02/25 00:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2005/03/03 13:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2005/11/02 13:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/12/11 14:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TypingMaster7
[2010/02/08 07:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/04/02 03:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2006/04/05 10:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WhenU
[2005/05/16 17:46:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2005/05/16 17:46:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/07/07 10:11:55 | 000,011,644 | ---- | M] () -- C:\aaw7boot.log
[2004/08/26 14:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/06 10:26:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/07 23:36:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2005/09/10 20:40:49 | 000,000,103 | ---- | M] () -- C:\BootErr.log
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/07/08 00:39:26 | 000,013,622 | ---- | M] () -- C:\ComboFix.txt
[2004/08/26 14:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/07/08 00:31:45 | 502,714,368 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/26 14:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/05/17 16:55:40 | 000,000,032 | ---- | M] () -- C:\IS0.log
[2004/08/26 14:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/04 23:59:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/08 00:31:42 | 754,974,720 | -HS- | M] () -- C:\pagefile.sys
[2006/12/18 10:49:07 | 000,000,000 | ---- | M] () -- C:\palsound.txt
[2005/03/03 13:26:54 | 000,000,090 | ---- | M] () -- C:\setup.log
[2005/09/29 14:51:50 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2011/07/07 23:19:30 | 000,112,560 | ---- | M] () -- C:\TDSSKiller.2.5.9.0_07.07.2011_22.54.44_log.txt
[2008/01/16 23:34:09 | 000,000,333 | ---- | M] () -- C:\xinstall.log
[2005/09/15 17:30:36 | 000,020,912 | ---- | M] () -- C:\ymp.crash.log
[2005/09/15 17:30:42 | 000,016,330 | ---- | M] () -- C:\ymp.dmp

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/26 14:03:59 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2005/09/29 20:25:10 | 000,001,578 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/26 06:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/26 06:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/26 06:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/03/05 00:11:01 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/05 19:27:45 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/03/05 19:27:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/07/04 23:55:52 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\5et0gqx0.exe
[2011/07/04 23:57:48 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/07/07 23:26:41 | 004,136,056 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/11/21 20:18:51 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2010/09/23 21:08:45 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\IE8-WindowsXP-x86-ENU.exe
[2011/07/08 00:50:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/07/07 23:19:20 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2010/03/01 20:11:21 | 002,121,432 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Owner\Desktop\sp32144.exe
[2010/03/01 20:11:08 | 004,494,456 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Owner\Desktop\sp34152.exe
[2008/11/06 18:47:51 | 015,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd160.exe
[2011/07/07 22:46:15 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2009/12/30 19:06:08 | 001,362,010 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wrar391.exe
[2010/01/06 21:50:09 | 000,897,431 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wxpboot.exe
[3 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2005/10/05 21:52:40 | 000,353,298 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LimeWireWin.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/03/05 19:27:47 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini
[2006/02/09 13:20:35 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\Owner\Favorites\Try AOL for 50 days free!.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/07/08 00:40:16 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/11 05:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 11:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 11:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 11:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 11:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 11:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 11:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 11:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-15 07:19:01

========== Files - Unicode (All) ==========
[2009/12/04 09:05:41 | 000,000,000 | ---D | M](C:\WINDOWS\??sks) -- C:\WINDOWS\Τаsks
[2009/11/29 01:53:08 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??crosoft) -- C:\Documents and Settings\Owner\My Documents\Μіcrosoft
[2006/02/17 02:39:44 | 000,000,000 | ---D | M](C:\WINDOWS\System32\M?crosoft.NET) -- C:\WINDOWS\System32\Mіcrosoft.NET
[2006/02/17 02:39:44 | 000,000,000 | ---D | C](C:\WINDOWS\System32\M?crosoft.NET) -- C:\WINDOWS\System32\Mіcrosoft.NET
[2006/02/17 02:33:45 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Μicrosoft.NET
[2006/02/17 02:33:45 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Μicrosoft.NET
[2006/02/17 02:32:40 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Μіcrosoft.NET
[2006/02/17 02:32:40 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Μіcrosoft.NET
[2006/02/17 02:31:22 | 000,000,000 | ---D | M](C:\WINDOWS\??crosoft.NET) -- C:\WINDOWS\Μіcrosoft.NET
[2006/02/17 02:31:22 | 000,000,000 | ---D | C](C:\WINDOWS\??crosoft.NET) -- C:\WINDOWS\Μіcrosoft.NET
[2006/02/17 02:29:52 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ystem) -- C:\Documents and Settings\Owner\Application Data\ѕystem
[2006/02/17 02:29:52 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ystem) -- C:\Documents and Settings\Owner\Application Data\ѕystem
[2006/02/17 02:28:38 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
[2006/02/17 02:28:38 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
[2006/02/17 02:27:59 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft.NET) -- C:\Program Files\Μicrosoft.NET
[2006/02/17 02:27:59 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft.NET) -- C:\Program Files\Μicrosoft.NET
[2006/02/17 02:27:58 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?asks) -- C:\Documents and Settings\Owner\My Documents\Тasks
[2006/02/17 02:27:58 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?asks) -- C:\Documents and Settings\Owner\My Documents\Тasks
[2006/02/17 02:27:56 | 000,000,000 | ---D | M](C:\WINDOWS\?ymbols) -- C:\WINDOWS\ѕymbols
[2006/02/17 02:27:56 | 000,000,000 | ---D | C](C:\WINDOWS\?ymbols) -- C:\WINDOWS\ѕymbols
[2006/02/17 02:27:36 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?curity) -- C:\Program Files\Common Files\sеcurity
[2006/02/17 02:27:36 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?curity) -- C:\Program Files\Common Files\sеcurity
[2006/02/17 02:27:02 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??crosoft) -- C:\Documents and Settings\Owner\Application Data\Μіcrosoft
[2006/02/17 02:27:02 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??crosoft) -- C:\Documents and Settings\Owner\Application Data\Μіcrosoft
[2006/02/17 02:25:45 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\ΑрpPatch
[2006/02/17 02:25:45 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\ΑрpPatch
[2006/02/17 02:25:33 | 000,000,000 | ---D | M](C:\Program Files\??crosoft.NET) -- C:\Program Files\Μіcrosoft.NET
[2006/02/17 02:25:33 | 000,000,000 | ---D | M](C:\Program Files\??crosoft.NET) -- C:\Program Files\Μіcrosoft.NET
[2006/02/17 02:25:29 | 000,000,000 | ---D | M](C:\Program Files\S?mantec) -- C:\Program Files\Sуmantec
[2006/02/17 02:25:29 | 000,000,000 | ---D | M](C:\Program Files\S?mantec) -- C:\Program Files\Sуmantec
[2006/02/17 02:25:10 | 000,000,000 | ---D | M](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fоnts
[2006/02/17 02:25:10 | 000,000,000 | ---D | C](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fоnts
[2006/02/17 02:24:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\s?mbols) -- C:\Documents and Settings\Owner\My Documents\sуmbols
[2006/02/17 02:24:55 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\s?mbols) -- C:\Documents and Settings\Owner\My Documents\sуmbols
[2006/02/17 02:24:41 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Міcrosoft.NET
[2006/02/17 02:24:41 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Міcrosoft.NET
[2006/02/17 02:23:54 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??crosoft.NET) -- C:\Documents and Settings\Owner\My Documents\Міcrosoft.NET
[2006/02/17 02:23:54 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??crosoft.NET) -- C:\Documents and Settings\Owner\My Documents\Міcrosoft.NET
[2006/02/17 02:23:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\s?curity) -- C:\Documents and Settings\Owner\Application Data\sеcurity
[2006/02/17 02:23:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\s?curity) -- C:\Documents and Settings\Owner\Application Data\sеcurity
[2006/02/17 02:23:18 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?icrosoft) -- C:\Documents and Settings\Owner\My Documents\Μicrosoft
[2006/02/17 02:23:18 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?icrosoft) -- C:\Documents and Settings\Owner\My Documents\Μicrosoft
[2006/02/17 02:23:09 | 000,000,000 | ---D | M](C:\Program Files\Common Files\A?pPatch) -- C:\Program Files\Common Files\AрpPatch
[2006/02/17 02:23:09 | 000,000,000 | ---D | M](C:\Program Files\Common Files\A?pPatch) -- C:\Program Files\Common Files\AрpPatch
[2006/02/17 02:22:59 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fοnts
[2006/02/17 02:22:59 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fοnts
[2006/02/17 02:22:58 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
[2006/02/17 02:22:58 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
[2006/02/17 02:22:57 | 000,000,000 | ---D | M](C:\Program Files\M?crosoft.NET) -- C:\Program Files\Mіcrosoft.NET
[2006/02/17 02:22:57 | 000,000,000 | ---D | M](C:\Program Files\M?crosoft.NET) -- C:\Program Files\Mіcrosoft.NET
[2006/02/17 02:22:55 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ymbols) -- C:\WINDOWS\System32\ѕymbols
[2006/02/17 02:22:55 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ymbols) -- C:\WINDOWS\System32\ѕymbols
[2006/02/17 02:22:47 | 000,000,000 | ---D | M](C:\Program Files\M?crosoft) -- C:\Program Files\Mіcrosoft
[2006/02/17 02:22:47 | 000,000,000 | ---D | M](C:\Program Files\M?crosoft) -- C:\Program Files\Mіcrosoft
[2006/02/17 02:22:38 | 000,000,000 | ---D | M](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
[2006/02/17 02:22:38 | 000,000,000 | ---D | C](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
[2006/02/17 02:22:33 | 000,000,000 | ---D | M](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fоnts
[2006/02/17 02:22:33 | 000,000,000 | ---D | C](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fоnts
[2006/02/17 02:22:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\A?pPatch) -- C:\Documents and Settings\Owner\Application Data\AрpPatch
[2006/02/17 02:22:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\A?pPatch) -- C:\Documents and Settings\Owner\Application Data\AрpPatch
[2006/02/17 02:22:20 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??curity) -- C:\Documents and Settings\Owner\My Documents\ѕеcurity
[2006/02/17 02:22:20 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??curity) -- C:\Documents and Settings\Owner\My Documents\ѕеcurity
[2006/02/17 02:22:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\M?crosoft.NET) -- C:\Documents and Settings\Owner\My Documents\Mіcrosoft.NET
[2006/02/17 02:22:10 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\M?crosoft.NET) -- C:\Documents and Settings\Owner\My Documents\Mіcrosoft.NET
[2006/02/17 02:22:09 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem32) -- C:\Program Files\Common Files\ѕystem32
[2006/02/17 02:22:09 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem32) -- C:\Program Files\Common Files\ѕystem32
[2006/02/17 02:22:07 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?asks) -- C:\Documents and Settings\Owner\Application Data\Τasks
[2006/02/17 02:22:07 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?asks) -- C:\Documents and Settings\Owner\Application Data\Τasks
[2006/02/17 02:22:01 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??mbols) -- C:\WINDOWS\System32\ѕуmbols
[2006/02/17 02:22:01 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??mbols) -- C:\WINDOWS\System32\ѕуmbols
[2006/02/17 02:22:00 | 000,000,000 | ---D | M](C:\WINDOWS\System32\M?crosoft) -- C:\WINDOWS\System32\Mіcrosoft
[2006/02/17 02:22:00 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\M?crosoft) -- C:\Documents and Settings\Owner\Application Data\Mіcrosoft
[2006/02/17 02:22:00 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\M?crosoft) -- C:\Documents and Settings\Owner\Application Data\Mіcrosoft
[2006/02/17 02:22:00 | 000,000,000 | ---D | C](C:\WINDOWS\System32\M?crosoft) -- C:\WINDOWS\System32\Mіcrosoft
[2006/02/17 02:21:50 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\a?sembly) -- C:\Documents and Settings\Owner\Application Data\aѕsembly
[2006/02/17 02:21:50 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\a?sembly) -- C:\Documents and Settings\Owner\Application Data\aѕsembly
[2006/02/17 02:21:42 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??sks) -- C:\Documents and Settings\Owner\My Documents\Таsks
[2006/02/17 02:21:42 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??sks) -- C:\Documents and Settings\Owner\My Documents\Таsks
[2006/02/17 02:21:18 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?icrosoft.NET) -- C:\Documents and Settings\Owner\My Documents\Мicrosoft.NET
[2006/02/17 02:21:18 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Мicrosoft.NET
[2006/02/17 02:21:18 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Мicrosoft.NET
[2006/02/17 02:21:18 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?icrosoft.NET) -- C:\Documents and Settings\Owner\My Documents\Мicrosoft.NET
[2006/02/17 02:21:13 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Μіcrosoft
[2006/02/17 02:21:13 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Μіcrosoft
[2006/02/17 02:21:05 | 000,000,000 | ---D | M](C:\WINDOWS\??stem) -- C:\WINDOWS\ѕуstem
[2006/02/17 02:21:05 | 000,000,000 | ---D | C](C:\WINDOWS\??stem) -- C:\WINDOWS\ѕуstem
[2006/02/17 02:20:54 | 000,000,000 | ---D | M](C:\WINDOWS\??crosoft.NET) -- C:\WINDOWS\Міcrosoft.NET
[2006/02/17 02:20:54 | 000,000,000 | ---D | C](C:\WINDOWS\??crosoft.NET) -- C:\WINDOWS\Міcrosoft.NET
[2006/02/17 02:20:53 | 000,000,000 | ---D | M](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec
[2006/02/17 02:20:53 | 000,000,000 | ---D | C](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec
[2006/02/17 02:20:52 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft.NET) -- C:\WINDOWS\Mіcrosoft.NET
[2006/02/17 02:20:52 | 000,000,000 | ---D | C](C:\WINDOWS\M?crosoft.NET) -- C:\WINDOWS\Mіcrosoft.NET
[2006/02/17 02:20:50 | 000,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2006/02/17 02:20:50 | 000,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2006/02/17 02:20:48 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?racle) -- C:\Documents and Settings\Owner\My Documents\Оracle
[2006/02/17 02:20:48 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?racle) -- C:\Documents and Settings\Owner\My Documents\Оracle
[2006/02/17 02:20:47 | 000,000,000 | ---D | M](C:\WINDOWS\?icrosoft) -- C:\WINDOWS\Μicrosoft
[2006/02/17 02:20:47 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft) -- C:\Program Files\Common Files\Μicrosoft
[2006/02/17 02:20:47 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft) -- C:\Program Files\Common Files\Μicrosoft
[2006/02/17 02:20:47 | 000,000,000 | ---D | C](C:\WINDOWS\?icrosoft) -- C:\WINDOWS\Μicrosoft
[2006/02/17 02:20:45 | 000,000,000 | ---D | M](C:\Program Files\?ymbols) -- C:\Program Files\ѕymbols
[2006/02/17 02:20:45 | 000,000,000 | ---D | M](C:\Program Files\?ymbols) -- C:\Program Files\ѕymbols
[2006/02/17 02:20:40 | 000,000,000 | ---D | M](C:\Program Files\??stem) -- C:\Program Files\ѕуstem
[2006/02/17 02:20:40 | 000,000,000 | ---D | M](C:\Program Files\??stem) -- C:\Program Files\ѕуstem
[2006/02/17 02:20:35 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ystem) -- C:\WINDOWS\System32\ѕystem
[2006/02/17 02:20:35 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ystem) -- C:\WINDOWS\System32\ѕystem
[2006/02/17 02:20:34 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\M?crosoft) -- C:\Documents and Settings\Owner\My Documents\Mіcrosoft
[2006/02/17 02:20:34 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\M?crosoft) -- C:\Documents and Settings\Owner\My Documents\Mіcrosoft
[2006/02/17 02:20:20 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Тasks
[2006/02/17 02:20:20 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Тasks
[2006/02/17 02:20:17 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\A?pPatch) -- C:\Documents and Settings\Owner\My Documents\AрpPatch
[2006/02/17 02:20:17 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\A?pPatch) -- C:\Documents and Settings\Owner\My Documents\AрpPatch
[2006/02/17 02:20:16 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft) -- C:\WINDOWS\System32\Μіcrosoft
[2006/02/17 02:20:16 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft) -- C:\WINDOWS\System32\Μіcrosoft
[2006/02/17 02:20:16 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??crosoft) -- C:\Documents and Settings\Owner\My Documents\Μіcrosoft
[2006/02/17 02:20:10 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Τasks
[2006/02/17 02:20:10 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Τasks
[2006/02/17 02:20:08 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2006/02/17 02:20:08 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2006/02/17 02:20:05 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?asks) -- C:\WINDOWS\System32\Тasks
[2006/02/17 02:20:05 | 000,000,000 | ---D | M](C:\WINDOWS\?asks) -- C:\WINDOWS\Тasks
[2006/02/17 02:20:05 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?asks) -- C:\WINDOWS\System32\Тasks
[2006/02/17 02:20:05 | 000,000,000 | ---D | C](C:\WINDOWS\?asks) -- C:\WINDOWS\Тasks
[2006/02/17 02:20:00 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Мicrosoft.NET
[2006/02/17 02:20:00 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Мicrosoft.NET
[2006/02/17 02:19:59 | 000,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Тasks
[2006/02/17 02:19:59 | 000,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Тasks
[2006/02/17 02:19:55 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2006/02/17 02:19:55 | 000,000,000 | ---D | C](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2006/02/17 02:19:53 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??mbols) -- C:\Documents and Settings\Owner\My Documents\ѕуmbols
[2006/02/17 02:19:53 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??mbols) -- C:\Documents and Settings\Owner\My Documents\ѕуmbols
[2006/02/17 02:19:51 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\АрpPatch
[2006/02/17 02:19:51 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\АрpPatch
[2006/02/17 02:19:50 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??crosoft) -- C:\Documents and Settings\Owner\Application Data\Міcrosoft
[2006/02/17 02:19:50 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??crosoft) -- C:\Documents and Settings\Owner\Application Data\Міcrosoft
[2006/02/17 02:19:45 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem32) -- C:\Program Files\Common Files\sуstem32
[2006/02/17 02:19:45 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem32) -- C:\Program Files\Common Files\sуstem32
[2006/02/17 02:19:44 | 000,000,000 | ---D | M](C:\WINDOWS\?dobe) -- C:\WINDOWS\Αdobe
[2006/02/17 02:19:44 | 000,000,000 | ---D | C](C:\WINDOWS\?dobe) -- C:\WINDOWS\Αdobe
[2006/02/17 02:19:43 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??stem32) -- C:\Documents and Settings\Owner\My Documents\ѕуstem32
[2006/02/17 02:19:43 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??stem32) -- C:\Documents and Settings\Owner\My Documents\ѕуstem32
[2006/02/17 02:19:40 | 000,000,000 | ---D | M](C:\Program Files\Common Files\S?mantec) -- C:\Program Files\Common Files\Sуmantec
[2006/02/17 02:19:40 | 000,000,000 | ---D | M](C:\Program Files\Common Files\S?mantec) -- C:\Program Files\Common Files\Sуmantec
[2006/02/17 02:19:39 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Міcrosoft.NET
[2006/02/17 02:19:39 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Міcrosoft.NET
[2006/02/17 02:19:37 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ecurity) -- C:\Program Files\Common Files\ѕecurity
[2006/02/17 02:19:37 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ecurity) -- C:\Program Files\Common Files\ѕecurity
[2006/02/17 02:19:34 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?asks) -- C:\Documents and Settings\Owner\Application Data\Тasks
[2006/02/17 02:19:34 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?asks) -- C:\Documents and Settings\Owner\Application Data\Тasks
[2006/02/17 02:19:29 | 000,000,000 | ---D | M](C:\Program Files\??crosoft) -- C:\Program Files\Міcrosoft
[2006/02/17 02:19:29 | 000,000,000 | ---D | M](C:\Program Files\??crosoft) -- C:\Program Files\Міcrosoft
[2006/02/17 02:19:27 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??mbols) -- C:\Documents and Settings\Owner\Application Data\ѕуmbols
[2006/02/17 02:19:27 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??mbols) -- C:\Documents and Settings\Owner\Application Data\ѕуmbols
[2006/02/17 02:19:25 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ppPatch) -- C:\Documents and Settings\Owner\Application Data\АppPatch
[2006/02/17 02:19:25 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ppPatch) -- C:\Documents and Settings\Owner\Application Data\АppPatch
[2006/02/17 02:19:24 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?ppPatch) -- C:\Documents and Settings\Owner\My Documents\АppPatch
[2006/02/17 02:19:24 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?ppPatch) -- C:\Documents and Settings\Owner\My Documents\АppPatch
[2006/02/17 02:19:23 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Τаsks
[2006/02/17 02:19:23 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Τаsks
[2006/02/17 02:19:22 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem) -- C:\Program Files\Common Files\ѕystem
[2006/02/17 02:19:22 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem) -- C:\Program Files\Common Files\ѕystem
[2006/02/17 02:19:20 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??pPatch) -- C:\Documents and Settings\Owner\My Documents\ΑрpPatch
[2006/02/17 02:19:20 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??pPatch) -- C:\Documents and Settings\Owner\My Documents\ΑрpPatch
[2006/02/17 02:19:19 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Αdobe
[2006/02/17 02:19:19 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Αdobe
[2006/02/17 02:19:19 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Αdobe
[2006/02/17 02:19:19 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Αdobe
[2006/02/17 02:19:18 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ppPatch) -- C:\WINDOWS\System32\ΑppPatch
[2006/02/17 02:19:18 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ppPatch) -- C:\WINDOWS\System32\ΑppPatch
[2006/02/17 02:19:16 | 000,000,000 | ---D | M](C:\WINDOWS\??curity) -- C:\WINDOWS\ѕеcurity
[2006/02/17 02:19:16 | 000,000,000 | ---D | C](C:\WINDOWS\??curity) -- C:\WINDOWS\ѕеcurity
[2006/02/17 02:19:15 | 000,000,000 | ---D | M](C:\Program Files\Common Files\a?sembly) -- C:\Program Files\Common Files\aѕsembly
[2006/02/17 02:19:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\a?sembly) -- C:\Documents and Settings\Owner\My Documents\aѕsembly
[2006/02/17 02:19:15 | 000,000,000 | ---D | M](C:\Program Files\Common Files\a?sembly) -- C:\Program Files\Common Files\aѕsembly
[2006/02/17 02:19:15 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\a?sembly) -- C:\Documents and Settings\Owner\My Documents\aѕsembly
[2006/02/17 02:19:10 | 000,000,000 | ---D | M](C:\Program Files\?ystem32) -- C:\Program Files\ѕystem32
[2006/02/17 02:19:10 | 000,000,000 | ---D | M](C:\Program Files\?ystem32) -- C:\Program Files\ѕystem32
[2006/02/17 02:19:08 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??crosoft\??crosoft.NET) -- C:\Documents and Settings\Owner\My Documents\Μіcrosoft\Μіcrosoft.NET
[2006/02/17 02:19:07 | 000,000,000 | ---D | M](C:\Program Files\??sks) -- C:\Program Files\Τаsks
[2006/02/17 02:19:07 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??sks) -- C:\Documents and Settings\Owner\My Documents\Τаsks
[2006/02/17 02:19:07 | 000,000,000 | ---D | M](C:\Program Files\??sks) -- C:\Program Files\Τаsks
[2006/02/17 02:19:07 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??sks) -- C:\Documents and Settings\Owner\My Documents\Τаsks
[2006/02/17 02:19:05 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ssembly) -- C:\WINDOWS\System32\аssembly
[2006/02/17 02:19:05 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ssembly) -- C:\WINDOWS\System32\аssembly
[2006/02/17 02:19:04 | 000,000,000 | ---D | M](C:\WINDOWS\?racle) -- C:\WINDOWS\Оracle
[2006/02/17 02:19:04 | 000,000,000 | ---D | C](C:\WINDOWS\?racle) -- C:\WINDOWS\Оracle
[2006/02/17 02:19:03 | 000,000,000 | ---D | M](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Міcrosoft
[2006/02/17 02:19:03 | 000,000,000 | ---D | C](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Міcrosoft
[2006/02/17 02:19:01 | 000,000,000 | ---D | M](C:\WINDOWS\A?pPatch) -- C:\WINDOWS\AрpPatch
[2006/02/17 02:19:01 | 000,000,000 | ---D | M](C:\Program Files\A?pPatch) -- C:\Program Files\AрpPatch
[2006/02/17 02:19:01 | 000,000,000 | ---D | M](C:\Program Files\A?pPatch) -- C:\Program Files\AрpPatch
[2006/02/17 02:19:01 | 000,000,000 | ---D | C](C:\WINDOWS\A?pPatch) -- C:\WINDOWS\AрpPatch
[2006/02/17 02:18:59 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\ΑppPatch
[2006/02/17 02:18:59 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ppPatch) -- C:\Documents and Settings\Owner\Application Data\ΑppPatch
[2006/02/17 02:18:59 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\ΑppPatch
[2006/02/17 02:18:59 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ppPatch) -- C:\Documents and Settings\Owner\Application Data\ΑppPatch
[2006/02/17 02:18:52 | 000,000,000 | ---D | M](C:\Program Files\T?sks) -- C:\Program Files\Tаsks
[2006/02/17 02:18:52 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\T?sks) -- C:\Documents and Settings\Owner\Application Data\Tаsks
[2006/02/17 02:18:52 | 000,000,000 | ---D | M](C:\Program Files\T?sks) -- C:\Program Files\Tаsks
[2006/02/17 02:18:52 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\T?sks) -- C:\Documents and Settings\Owner\Application Data\Tаsks
[2006/02/17 02:18:51 | 000,000,000 | ---D | M](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2006/02/17 02:18:51 | 000,000,000 | ---D | M](C:\Program Files\?ppPatch) -- C:\Program Files\АppPatch
[2006/02/17 02:18:51 | 000,000,000 | ---D | M](C:\Program Files\?ppPatch) -- C:\Program Files\АppPatch
[2006/02/17 02:18:51 | 000,000,000 | ---D | C](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2006/02/17 02:18:49 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ssembly) -- C:\Program Files\Common Files\аssembly
[2006/02/17 02:18:49 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ssembly) -- C:\Program Files\Common Files\аssembly
[2006/02/17 02:18:48 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ymantec) -- C:\Documents and Settings\Owner\Application Data\Ѕymantec
[2006/02/17 02:18:48 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ymantec) -- C:\Documents and Settings\Owner\Application Data\Ѕymantec
[2006/02/17 02:18:45 | 000,000,000 | ---D | M](C:\WINDOWS\s?curity) -- C:\WINDOWS\sеcurity
[2006/02/17 02:18:45 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\s?curity) -- C:\Documents and Settings\Owner\My Documents\sеcurity
[2006/02/17 02:18:45 | 000,000,000 | ---D | C](C:\WINDOWS\s?curity) -- C:\WINDOWS\sеcurity
[2006/02/17 02:18:45 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\s?curity) -- C:\Documents and Settings\Owner\My Documents\sеcurity
[2006/02/17 02:18:42 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Міcrosoft.NET
[2006/02/17 02:18:42 | 000,000,000 | ---D | M](C:\Program Files\??crosoft.NET) -- C:\Program Files\Міcrosoft.NET
[2006/02/17 02:18:42 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Міcrosoft.NET
[2006/02/17 02:18:42 | 000,000,000 | ---D | M](C:\Program Files\??crosoft.NET) -- C:\Program Files\Міcrosoft.NET
[2006/02/17 02:18:40 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\s?mbols) -- C:\Documents and Settings\Owner\Application Data\sуmbols
[2006/02/17 02:18:40 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\s?mbols) -- C:\Documents and Settings\Owner\Application Data\sуmbols
[2006/02/17 02:18:39 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2006/02/17 02:18:39 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2006/02/17 02:18:33 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\ΑрpPatch
[2006/02/17 02:18:33 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\ΑрpPatch
[2006/02/17 02:18:30 | 000,000,000 | ---D | M](C:\WINDOWS\System32\s?stem) -- C:\WINDOWS\System32\sуstem
[2006/02/17 02:18:30 | 000,000,000 | ---D | C](C:\WINDOWS\System32\s?stem) -- C:\WINDOWS\System32\sуstem
[2006/02/17 02:18:27 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Аdobe
[2006/02/17 02:18:27 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?dobe) -- C:\Documents and Settings\Owner\My Documents\Аdobe
[2006/02/17 02:18:27 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Аdobe
[2006/02/17 02:18:27 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?dobe) -- C:\Documents and Settings\Owner\My Documents\Аdobe
[2006/02/17 02:18:26 | 000,000,000 | ---D | M](C:\WINDOWS\?ymantec) -- C:\WINDOWS\Ѕymantec
[2006/02/17 02:18:26 | 000,000,000 | ---D | C](C:\WINDOWS\?ymantec) -- C:\WINDOWS\Ѕymantec
[2006/02/17 02:18:24 | 000,000,000 | ---D | M](C:\WINDOWS\?ecurity) -- C:\WINDOWS\ѕecurity
[2006/02/17 02:18:24 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ecurity) -- C:\Documents and Settings\Owner\Application Data\ѕecurity
[2006/02/17 02:18:24 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ecurity) -- C:\Documents and Settings\Owner\Application Data\ѕecurity
[2006/02/17 02:18:24 | 000,000,000 | ---D | C](C:\WINDOWS\?ecurity) -- C:\WINDOWS\ѕecurity
[2006/02/17 02:18:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??sks) -- C:\Documents and Settings\Owner\Application Data\Τаsks
[2006/02/17 02:18:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??sks) -- C:\Documents and Settings\Owner\Application Data\Τаsks
[2006/02/17 02:18:22 | 000,000,000 | ---D | C](C:\WINDOWS\??sks) -- C:\WINDOWS\Τаsks
[2006/02/17 02:18:19 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??curity) -- C:\Documents and Settings\Owner\Application Data\ѕеcurity
[2006/02/17 02:18:19 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??curity) -- C:\Documents and Settings\Owner\Application Data\ѕеcurity
[2006/02/17 02:18:18 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fоnts
[2006/02/17 02:18:18 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fоnts
[2006/02/17 02:18:17 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?racle) -- C:\WINDOWS\System32\Оracle
[2006/02/17 02:18:17 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Оracle
[2006/02/17 02:18:17 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Оracle
[2006/02/17 02:18:17 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?racle) -- C:\WINDOWS\System32\Оracle
[2006/02/17 02:18:16 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?icrosoft.NET) -- C:\WINDOWS\System32\Мicrosoft.NET
[2006/02/17 02:18:16 | 000,000,000 | ---D | M](C:\WINDOWS\?icrosoft.NET) -- C:\WINDOWS\Мicrosoft.NET
[2006/02/17 02:18:16 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?icrosoft.NET) -- C:\WINDOWS\System32\Мicrosoft.NET
[2006/02/17 02:18:16 | 000,000,000 | ---D | C](C:\WINDOWS\?icrosoft.NET) -- C:\WINDOWS\Мicrosoft.NET
[2006/02/17 02:18:15 | 000,000,000 | ---D | M](C:\WINDOWS\a?sembly) -- C:\WINDOWS\aѕsembly
[2006/02/17 02:18:15 | 000,000,000 | ---D | C](C:\WINDOWS\a?sembly) -- C:\WINDOWS\aѕsembly
[2006/02/17 02:18:13 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Таsks
[2006/02/17 02:18:13 | 000,000,000 | ---D | M](C:\Program Files\??sks) -- C:\Program Files\Таsks
[2006/02/17 02:18:13 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Таsks
[2006/02/17 02:18:13 | 000,000,000 | ---D | M](C:\Program Files\??sks) -- C:\Program Files\Таsks
[2006/02/17 02:18:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??mbols) -- C:\Program Files\Common Files\ѕуmbols
[2006/02/17 02:18:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??mbols) -- C:\Program Files\Common Files\ѕуmbols
[2006/02/17 02:18:11 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft) -- C:\Program Files\Μicrosoft
[2006/02/17 02:18:11 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft) -- C:\Program Files\Μicrosoft
[2006/02/17 02:18:09 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??stem) -- C:\Documents and Settings\Owner\Application Data\ѕуstem
[2006/02/17 02:18:09 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??stem) -- C:\Documents and Settings\Owner\Application Data\ѕуstem
[2006/02/17 02:18:08 | 000,000,000 | ---D | M](C:\Program Files\??mbols) -- C:\Program Files\ѕуmbols
[2006/02/17 02:18:08 | 000,000,000 | ---D | M](C:\Program Files\??mbols) -- C:\Program Files\ѕуmbols
[2006/02/17 02:18:06 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Аdobe
[2006/02/17 02:18:06 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?dobe) -- C:\Documents and Settings\Owner\Application Data\Аdobe
[2006/02/17 02:18:06 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?dobe) -- C:\Documents and Settings\Owner\Application Data\Аdobe
[2006/02/17 02:18:06 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Аdobe
[2006/02/17 02:18:05 | 000,000,000 | ---D | M](C:\Program Files\?ssembly) -- C:\Program Files\аssembly
[2006/02/17 02:18:05 | 000,000,000 | ---D | M](C:\Program Files\?ssembly) -- C:\Program Files\аssembly
[2006/02/17 02:18:00 | 000,000,000 | ---D | M](C:\WINDOWS\??pPatch) -- C:\WINDOWS\ΑрpPatch
[2006/02/17 02:18:00 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
[2006/02/17 02:18:00 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
[2006/02/17 02:18:00 | 000,000,000 | ---D | C](C:\WINDOWS\??pPatch) -- C:\WINDOWS\ΑрpPatch
[2006/02/17 02:17:58 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??curity) -- C:\Program Files\Common Files\ѕеcurity
[2006/02/17 02:17:58 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??curity) -- C:\Program Files\Common Files\ѕеcurity
[2006/02/17 02:17:57 | 000,000,000 | ---D | M](C:\WINDOWS\System32\a?sembly) -- C:\WINDOWS\System32\aѕsembly
[2006/02/17 02:17:57 | 000,000,000 | ---D | M](C:\Program Files\a?sembly) -- C:\Program Files\aѕsembly
[2006/02/17 02:17:57 | 000,000,000 | ---D | M](C:\Program Files\a?sembly) -- C:\Program Files\aѕsembly
[2006/02/17 02:17:57 | 000,000,000 | ---D | C](C:\WINDOWS\System32\a?sembly) -- C:\WINDOWS\System32\aѕsembly
[2006/02/17 02:17:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\M?crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Mіcrosoft.NET
[2006/02/17 02:17:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\M?crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Mіcrosoft.NET
[2006/02/17 02:17:54 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Таsks
[2006/02/17 02:17:54 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Таsks
[2006/02/17 02:17:52 | 000,000,000 | ---D | M](C:\WINDOWS\s?stem32) -- C:\WINDOWS\sуstem32
[2006/02/17 02:17:52 | 000,000,000 | ---D | C](C:\WINDOWS\s?stem32) -- C:\WINDOWS\sуstem32
[2006/02/17 02:17:51 | 000,000,000 | ---D | M](C:\WINDOWS\?racle) -- C:\WINDOWS\Οracle
[2006/02/17 02:17:51 | 000,000,000 | ---D | C](C:\WINDOWS\?racle) -- C:\WINDOWS\Οracle
[2006/02/17 02:17:48 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?ymbols) -- C:\Documents and Settings\Owner\My Documents\ѕymbols
[2006/02/17 02:17:48 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?ymbols) -- C:\Documents and Settings\Owner\My Documents\ѕymbols
[2006/02/17 02:17:47 | 000,000,000 | ---D | M](C:\WINDOWS\T?sks) -- C:\WINDOWS\Tаsks
[2006/02/17 02:17:47 | 000,000,000 | ---D | M](C:\Program Files\Common Files\T?sks) -- C:\Program Files\Common Files\Tаsks
[2006/02/17 02:17:47 | 000,000,000 | ---D | M](C:\Program Files\Common Files\T?sks) -- C:\Program Files\Common Files\Tаsks
[2006/02/17 02:17:47 | 000,000,000 | ---D | C](C:\WINDOWS\T?sks) -- C:\WINDOWS\Tаsks
[2006/02/17 02:17:46 | 000,000,000 | ---D | M](C:\WINDOWS\??pPatch) -- C:\WINDOWS\АрpPatch
[2006/02/17 02:17:46 | 000,000,000 | ---D | C](C:\WINDOWS\??pPatch) -- C:\WINDOWS\АрpPatch
[2006/02/17 02:17:45 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft) -- C:\WINDOWS\System32\Міcrosoft
[2006/02/17 02:17:45 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft) -- C:\WINDOWS\System32\Міcrosoft
[2006/02/17 02:17:44 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\W?nSxS) -- C:\Documents and Settings\Owner\Application Data\WіnSxS
[2006/02/17 02:17:44 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\W?nSxS) -- C:\Documents and Settings\Owner\Application Data\WіnSxS
[2006/02/17 02:17:42 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?dobe) -- C:\Documents and Settings\Owner\My Documents\Αdobe
[2006/02/17 02:17:42 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?dobe) -- C:\Documents and Settings\Owner\My Documents\Αdobe
[2006/02/17 02:17:40 | 000,000,000 | ---D | M](C:\WINDOWS\?ystem) -- C:\WINDOWS\ѕystem
[2006/02/17 02:17:40 | 000,000,000 | ---D | M](C:\Program Files\?ystem) -- C:\Program Files\ѕystem
[2006/02/17 02:17:40 | 000,000,000 | ---D | M](C:\Program Files\?ystem) -- C:\Program Files\ѕystem
[2006/02/17 02:17:40 | 000,000,000 | ---D | C](C:\WINDOWS\?ystem) -- C:\WINDOWS\ѕystem
[2006/02/17 02:17:39 | 000,000,000 | ---D | M](C:\WINDOWS\s?stem) -- C:\WINDOWS\sуstem
[2006/02/17 02:17:39 | 000,000,000 | ---D | C](C:\WINDOWS\s?stem) -- C:\WINDOWS\sуstem
[2006/02/17 02:17:38 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?ystem) -- C:\Documents and Settings\Owner\My Documents\ѕystem
[2006/02/17 02:17:38 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?ystem) -- C:\Documents and Settings\Owner\My Documents\ѕystem
[2006/02/17 02:17:37 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\W?nSxS) -- C:\Documents and Settings\Owner\My Documents\WіnSxS
[2006/02/17 02:17:37 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\W?nSxS) -- C:\Documents and Settings\Owner\My Documents\WіnSxS
[2006/02/17 02:17:35 | 000,000,000 | ---D | M](C:\WINDOWS\??mantec) -- C:\WINDOWS\Ѕуmantec
[2006/02/17 02:17:35 | 000,000,000 | ---D | C](C:\WINDOWS\??mantec) -- C:\WINDOWS\Ѕуmantec
[2006/02/17 02:17:34 | 000,000,000 | ---D | M](C:\WINDOWS\System32\s?stem32) -- C:\WINDOWS\System32\sуstem32
[2006/02/17 02:17:34 | 000,000,000 | ---D | C](C:\WINDOWS\System32\s?stem32) -- C:\WINDOWS\System32\sуstem32
[2006/02/17 02:17:32 | 000,000,000 | ---D | M](C:\WINDOWS\System32\s?curity) -- C:\WINDOWS\System32\sеcurity
[2006/02/17 02:17:32 | 000,000,000 | ---D | M](C:\Program Files\s?curity) -- C:\Program Files\sеcurity
[2006/02/17 02:17:32 | 000,000,000 | ---D | M](C:\Program Files\s?curity) -- C:\Program Files\sеcurity
[2006/02/17 02:17:32 | 000,000,000 | ---D | C](C:\WINDOWS\System32\s?curity) -- C:\WINDOWS\System32\sеcurity
[2006/02/17 02:17:28 | 000,000,000 | ---D | M](C:\WINDOWS\?asks) -- C:\WINDOWS\Τasks
[2006/02/17 02:17:28 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?asks) -- C:\Documents and Settings\Owner\My Documents\Τasks
[2006/02/17 02:17:28 | 000,000,000 | ---D | C](C:\WINDOWS\?asks) -- C:\WINDOWS\Τasks
[2006/02/17 02:17:28 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?asks) -- C:\Documents and Settings\Owner\My Documents\Τasks
[2006/02/17 02:17:27 | 000,000,000 | ---D | M](C:\WINDOWS\?ssembly) -- C:\WINDOWS\аssembly
[2006/02/17 02:17:27 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?ssembly) -- C:\Documents and Settings\Owner\My Documents\аssembly
[2006/02/17 02:17:27 | 000,000,000 | ---D | C](C:\WINDOWS\?ssembly) -- C:\WINDOWS\аssembly
[2006/02/17 02:17:27 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?ssembly) -- C:\Documents and Settings\Owner\My Documents\аssembly
[2006/02/17 02:17:26 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\F?nts) -- C:\Documents and Settings\Owner\My Documents\Fоnts
[2006/02/17 02:17:26 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\F?nts) -- C:\Documents and Settings\Owner\My Documents\Fоnts
[2006/02/17 02:17:24 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?icrosoft) -- C:\Documents and Settings\Owner\Application Data\Мicrosoft
[2006/02/17 02:17:24 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?icrosoft) -- C:\Documents and Settings\Owner\Application Data\Мicrosoft
[2006/02/17 02:17:22 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
[2006/02/17 02:17:22 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
[2006/02/17 02:17:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\F?nts) -- C:\Documents and Settings\Owner\Application Data\Fоnts
[2006/02/17 02:17:21 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\F?nts) -- C:\Documents and Settings\Owner\Application Data\Fоnts
[2006/02/17 02:17:20 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??pPatch) -- C:\Documents and Settings\Owner\My Documents\АрpPatch
[2006/02/17 02:17:20 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??pPatch) -- C:\Documents and Settings\Owner\My Documents\АрpPatch
[2006/02/17 02:17:19 | 000,000,000 | ---D | M](C:\Program Files\Common Files\M?crosoft) -- C:\Program Files\Common Files\Mіcrosoft
[2006/02/17 02:17:19 | 000,000,000 | ---D | M](C:\Program Files\Common Files\M?crosoft) -- C:\Program Files\Common Files\Mіcrosoft
[2006/02/17 02:17:17 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fοnts
[2006/02/17 02:17:17 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fοnts
[2006/02/17 02:17:16 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\S?mantec) -- C:\Documents and Settings\Owner\Application Data\Sуmantec
[2006/02/17 02:17:16 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\S?mantec) -- C:\Documents and Settings\Owner\Application Data\Sуmantec
[2006/02/17 02:17:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?dobe) -- C:\Documents and Settings\Owner\Application Data\Αdobe
[2006/02/17 02:17:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?dobe) -- C:\Documents and Settings\Owner\Application Data\Αdobe
[2006/02/17 02:17:13 | 000,000,000 | ---D | M](C:\WINDOWS\?icrosoft) -- C:\WINDOWS\Мicrosoft
[2006/02/17 02:17:13 | 000,000,000 | ---D | C](C:\WINDOWS\?icrosoft) -- C:\WINDOWS\Мicrosoft
[2006/02/17 02:17:12 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ecurity) -- C:\WINDOWS\System32\ѕecurity
[2006/02/17 02:17:12 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2006/02/17 02:17:12 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2006/02/17 02:17:12 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ecurity) -- C:\WINDOWS\System32\ѕecurity
[2006/02/17 02:17:11 | 000,000,000 | ---D | M](C:\Program Files\s?stem32) -- C:\Program Files\sуstem32
[2006/02/17 02:17:11 | 000,000,000 | ---D | M](C:\Program Files\s?stem32) -- C:\Program Files\sуstem32
[2006/02/17 02:17:10 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sembly) -- C:\Program Files\Common Files\аѕsembly
[2006/02/17 02:17:10 | 000,000,000 | ---D | M](C:\Program Files\??sembly) -- C:\Program Files\аѕsembly
[2006/02/17 02:17:10 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sembly) -- C:\Program Files\Common Files\аѕsembly
[2006/02/17 02:17:10 | 000,000,000 | ---D | M](C:\Program Files\??sembly) -- C:\Program Files\аѕsembly
[2006/02/17 02:17:09 | 000,000,000 | ---D | M](C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
[2006/02/17 02:17:09 | 000,000,000 | ---D | M](C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
[2006/02/17 02:17:08 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
[2006/02/17 02:17:08 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?racle) -- C:\Documents and Settings\Owner\My Documents\Οracle
[2006/02/17 02:17:08 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
[2006/02/17 02:17:08 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?racle) -- C:\Documents and Settings\Owner\My Documents\Οracle
[2006/02/17 02:17:07 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\s?stem32) -- C:\Documents and Settings\Owner\My Documents\sуstem32
[2006/02/17 02:17:07 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\s?stem32) -- C:\Documents and Settings\Owner\Application Data\sуstem32
[2006/02/17 02:17:07 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\s?stem32) -- C:\Documents and Settings\Owner\Application Data\sуstem32
[2006/02/17 02:17:07 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\s?stem32) -- C:\Documents and Settings\Owner\My Documents\sуstem32
[2006/02/17 02:17:06 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\АрpPatch
[2006/02/17 02:17:06 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??pPatch) -- C:\Documents and Settings\Owner\Application Data\АрpPatch
[2006/02/17 02:17:06 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\АрpPatch
[2006/02/17 02:17:06 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??pPatch) -- C:\Documents and Settings\Owner\Application Data\АрpPatch
[2006/02/17 02:17:04 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ymantec) -- C:\WINDOWS\System32\Ѕymantec
[2006/02/17 02:17:04 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?ymantec) -- C:\Documents and Settings\Owner\My Documents\Ѕymantec
[2006/02/17 02:17:04 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ymantec) -- C:\WINDOWS\System32\Ѕymantec
[2006/02/17 02:17:04 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?ymantec) -- C:\Documents and Settings\Owner\My Documents\Ѕymantec
[2006/02/17 02:17:02 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?asks) -- C:\WINDOWS\System32\Τasks
[2006/02/17 02:17:02 | 000,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Τasks
[2006/02/17 02:17:02 | 000,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Τasks
[2006/02/17 02:17:02 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?asks) -- C:\WINDOWS\System32\Τasks
[2006/02/17 02:17:01 | 000,000,000 | ---D | M](C:\Program Files\s?stem) -- C:\Program Files\sуstem
[2006/02/17 02:17:01 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\s?stem) -- C:\Documents and Settings\Owner\My Documents\sуstem
[2006/02/17 02:17:01 | 000,000,000 | ---D | M](C:\Program Files\s?stem) -- C:\Program Files\sуstem
[2006/02/17 02:17:01 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\s?stem) -- C:\Documents and Settings\Owner\My Documents\sуstem
[2006/02/17 02:17:00 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?icrosoft.NET) -- C:\Documents and Settings\Owner\My Documents\Μicrosoft.NET
[2006/02/17 02:17:00 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?icrosoft.NET) -- C:\Documents and Settings\Owner\My Documents\Μicrosoft.NET
[2006/02/17 02:16:59 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?racle) -- C:\Documents and Settings\Owner\Application Data\Оracle
[2006/02/17 02:16:59 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?racle) -- C:\Documents and Settings\Owner\Application Data\Оracle
[2006/02/17 02:16:58 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Міcrosoft
[2006/02/17 02:16:58 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??crosoft) -- C:\Documents and Settings\Owner\My Documents\Міcrosoft
[2006/02/17 02:16:58 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Міcrosoft
[2006/02/17 02:16:58 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??crosoft) -- C:\Documents and Settings\Owner\My Documents\Міcrosoft
[2006/02/17 02:16:56 | 000,000,000 | ---D | M](C:\WINDOWS\s?mbols) -- C:\WINDOWS\sуmbols
[2006/02/17 02:16:56 | 000,000,000 | ---D | M](C:\Program Files\s?mbols) -- C:\Program Files\sуmbols
[2006/02/17 02:16:56 | 000,000,000 | ---D | M](C:\Program Files\s?mbols) -- C:\Program Files\sуmbols
[2006/02/17 02:16:56 | 000,000,000 | ---D | C](C:\WINDOWS\s?mbols) -- C:\WINDOWS\sуmbols
[2006/02/17 02:16:54 | 000,000,000 | ---D | M](C:\Program Files\?ppPatch) -- C:\Program Files\ΑppPatch
[2006/02/17 02:16:54 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?ppPatch) -- C:\Documents and Settings\Owner\My Documents\ΑppPatch
[2006/02/17 02:16:54 | 000,000,000 | ---D | M](C:\Program Files\?ppPatch) -- C:\Program Files\ΑppPatch
[2006/02/17 02:16:54 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?ppPatch) -- C:\Documents and Settings\Owner\My Documents\ΑppPatch
[2006/02/17 02:16:53 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft) -- C:\Program Files\Мicrosoft
[2006/02/17 02:16:53 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft) -- C:\Program Files\Мicrosoft
[2006/02/17 02:16:49 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ppPatch) -- C:\WINDOWS\System32\АppPatch
[2006/02/17 02:16:49 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\АppPatch
[2006/02/17 02:16:49 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\АppPatch
[2006/02/17 02:16:49 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ppPatch) -- C:\WINDOWS\System32\АppPatch
[2006/02/17 02:16:48 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
[2006/02/17 02:16:48 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
[2006/02/17 02:16:46 | 000,000,000 | ---D | M](C:\WINDOWS\??stem32) -- C:\WINDOWS\ѕуstem32
[2006/02/17 02:16:46 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
[2006/02/17 02:16:46 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
[2006/02/17 02:16:46 | 000,000,000 | ---D | C](C:\WINDOWS\??stem32) -- C:\WINDOWS\ѕуstem32
[2006/02/17 02:16:45 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Оracle
[2006/02/17 02:16:45 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Оracle
[2006/02/17 02:16:44 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??sembly) -- C:\Documents and Settings\Owner\My Documents\аѕsembly
[2006/02/17 02:16:44 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??sembly) -- C:\Documents and Settings\Owner\Application Data\аѕsembly
[2006/02/17 02:16:44 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??sembly) -- C:\Documents and Settings\Owner\Application Data\аѕsembly
[2006/02/17 02:16:44 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??sembly) -- C:\Documents and Settings\Owner\My Documents\аѕsembly
[2006/02/17 02:16:43 | 000,000,000 | ---D | M](C:\WINDOWS\System32\S?mantec) -- C:\WINDOWS\System32\Sуmantec
[2006/02/17 02:16:43 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\S?mantec) -- C:\Documents and Settings\Owner\My Documents\Sуmantec
[2006/02/17 02:16:43 | 000,000,000 | ---D | C](C:\WINDOWS\System32\S?mantec) -- C:\WINDOWS\System32\Sуmantec
[2006/02/17 02:16:43 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\S?mantec) -- C:\Documents and Settings\Owner\My Documents\Sуmantec
[2006/02/17 02:16:42 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?icrosoft.NET) -- C:\WINDOWS\System32\Μicrosoft.NET
[2006/02/17 02:16:42 | 000,000,000 | ---D | M](C:\WINDOWS\?icrosoft.NET) -- C:\WINDOWS\Μicrosoft.NET
[2006/02/17 02:16:42 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?icrosoft.NET) -- C:\WINDOWS\System32\Μicrosoft.NET
[2006/02/17 02:16:42 | 000,000,000 | ---D | C](C:\WINDOWS\?icrosoft.NET) -- C:\WINDOWS\Μicrosoft.NET
[2006/02/17 02:16:41 | 000,000,000 | ---D | M](C:\WINDOWS\?ystem32) -- C:\WINDOWS\ѕystem32
[2006/02/17 02:16:41 | 000,000,000 | ---D | C](C:\WINDOWS\?ystem32) -- C:\WINDOWS\ѕystem32
[2006/02/17 02:16:40 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?ecurity) -- C:\Documents and Settings\Owner\My Documents\ѕecurity
[2006/02/17 02:16:40 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?ecurity) -- C:\Documents and Settings\Owner\My Documents\ѕecurity
[2006/02/17 02:16:39 | 000,000,000 | ---D | M](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fοnts
[2006/02/17 02:16:39 | 000,000,000 | ---D | C](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fοnts
[2006/02/17 02:16:38 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??mantec) -- C:\WINDOWS\System32\Ѕуmantec
[2006/02/17 02:16:38 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??mantec) -- C:\WINDOWS\System32\Ѕуmantec
[2006/02/17 02:16:37 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft.NET) -- C:\Program Files\Мicrosoft.NET
[2006/02/17 02:16:37 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft.NET) -- C:\Program Files\Мicrosoft.NET
[2006/02/17 02:16:36 | 000,000,000 | ---D | M](C:\WINDOWS\??sks) -- C:\WINDOWS\Таsks
[2006/02/17 02:16:36 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??sks) -- C:\Documents and Settings\Owner\Application Data\Таsks
[2006/02/17 02:16:36 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??sks) -- C:\Documents and Settings\Owner\Application Data\Таsks
[2006/02/17 02:16:36 | 000,000,000 | ---D | C](C:\WINDOWS\??sks) -- C:\WINDOWS\Таsks
[2006/02/17 02:16:35 | 000,000,000 | ---D | M](C:\WINDOWS\??mbols) -- C:\WINDOWS\ѕуmbols
[2006/02/17 02:16:35 | 000,000,000 | ---D | C](C:\WINDOWS\??mbols) -- C:\WINDOWS\ѕуmbols
[2006/02/17 02:16:34 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
[2006/02/17 02:16:34 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
[2006/02/17 02:16:32 | 000,000,000 | ---D | M](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Μіcrosoft
[2006/02/17 02:16:32 | 000,000,000 | ---D | M](C:\Program Files\??crosoft) -- C:\Program Files\Μіcrosoft
[2006/02/17 02:16:32 | 000,000,000 | ---D | M](C:\Program Files\??crosoft) -- C:\Program Files\Μіcrosoft
[2006/02/17 02:16:32 | 000,000,000 | ---D | C](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Μіcrosoft
[2006/02/17 02:16:31 | 000,000,000 | ---D | M](C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
[2006/02/17 02:16:31 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??stem32) -- C:\Documents and Settings\Owner\Application Data\ѕуstem32
[2006/02/17 02:16:31 | 000,000,000 | ---D | M](C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
[2006/02/17 02:16:31 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??stem32) -- C:\Documents and Settings\Owner\Application Data\ѕуstem32
[2006/02/17 02:16:30 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ymbols) -- C:\Program Files\Common Files\ѕymbols
[2006/02/17 02:16:30 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ymbols) -- C:\Documents and Settings\Owner\Application Data\ѕymbols
[2006/02/17 02:16:30 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ymbols) -- C:\Program Files\Common Files\ѕymbols
[2006/02/17 02:16:30 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ymbols) -- C:\Documents and Settings\Owner\Application Data\ѕymbols
[2006/02/17 02:16:28 | 000,000,000 | ---D | M](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\ΑppPatch
[2006/02/17 02:16:28 | 000,000,000 | ---D | C](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\ΑppPatch
[2006/02/17 02:16:27 | 000,000,000 | ---D | M](C:\WINDOWS\?dobe) -- C:\WINDOWS\Аdobe
[2006/02/17 02:16:27 | 000,000,000 | ---D | C](C:\WINDOWS\?dobe) -- C:\WINDOWS\Аdobe
[2006/02/17 02:16:26 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?icrosoft) -- C:\Documents and Settings\Owner\My Documents\Мicrosoft
[2006/02/17 02:16:26 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?icrosoft) -- C:\Documents and Settings\Owner\My Documents\Мicrosoft
[2006/02/17 02:16:25 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
[2006/02/17 02:16:25 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
[2006/02/17 02:16:24 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??stem) -- C:\WINDOWS\System32\ѕуstem
[2006/02/17 02:16:24 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??stem) -- C:\Documents and Settings\Owner\My Documents\ѕуstem
[2006/02/17 02:16:24 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??stem) -- C:\WINDOWS\System32\ѕуstem
[2006/02/17 02:16:24 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??stem) -- C:\Documents and Settings\Owner\My Documents\ѕуstem
[2006/02/17 02:16:23 | 000,000,000 | ---D | M](C:\WINDOWS\System32\A?pPatch) -- C:\WINDOWS\System32\AрpPatch
[2006/02/17 02:16:23 | 000,000,000 | ---D | C](C:\WINDOWS\System32\A?pPatch) -- C:\WINDOWS\System32\AрpPatch
[2006/02/17 02:16:22 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
[2006/02/17 02:16:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\s?stem) -- C:\Documents and Settings\Owner\Application Data\sуstem
[2006/02/17 02:16:22 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
[2006/02/17 02:16:22 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\s?stem) -- C:\Documents and Settings\Owner\Application Data\sуstem
[2006/02/17 02:16:21 | 000,000,000 | ---D | M](C:\WINDOWS\System32\W?nSxS) -- C:\WINDOWS\System32\WіnSxS
[2006/02/17 02:16:21 | 000,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
[2006/02/17 02:16:21 | 000,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
[2006/02/17 02:16:21 | 000,000,000 | ---D | C](C:\WINDOWS\System32\W?nSxS) -- C:\WINDOWS\System32\WіnSxS
[2006/02/17 02:16:20 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??stem32) -- C:\WINDOWS\System32\ѕуstem32
[2006/02/17 02:16:20 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??stem32) -- C:\WINDOWS\System32\ѕуstem32
[2006/02/17 02:16:19 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?racle) -- C:\Documents and Settings\Owner\Application Data\Οracle
[2006/02/17 02:16:19 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?racle) -- C:\Documents and Settings\Owner\Application Data\Οracle
[2006/02/17 02:16:18 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\??mantec) -- C:\Documents and Settings\Owner\My Documents\Ѕуmantec
[2006/02/17 02:16:18 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\??mantec) -- C:\Documents and Settings\Owner\My Documents\Ѕуmantec
[2006/02/17 02:16:17 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\F?nts) -- C:\Documents and Settings\Owner\My Documents\Fοnts
[2006/02/17 02:16:17 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\F?nts) -- C:\Documents and Settings\Owner\Application Data\Fοnts
[2006/02/17 02:16:17 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\F?nts) -- C:\Documents and Settings\Owner\Application Data\Fοnts
[2006/02/17 02:16:17 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\F?nts) -- C:\Documents and Settings\Owner\My Documents\Fοnts
[2006/02/17 02:16:16 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Μicrosoft.NET
[2006/02/17 02:16:16 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Μicrosoft.NET
[2006/02/17 02:16:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\?ystem32) -- C:\Documents and Settings\Owner\My Documents\ѕystem32
[2006/02/17 02:16:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ystem32) -- C:\Documents and Settings\Owner\Application Data\ѕystem32
[2006/02/17 02:16:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ystem32) -- C:\Documents and Settings\Owner\Application Data\ѕystem32
[2006/02/17 02:16:15 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\?ystem32) -- C:\Documents and Settings\Owner\My Documents\ѕystem32
[2006/02/17 02:16:14 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Μіcrosoft.NET
[2006/02/17 02:16:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Μіcrosoft.NET
[2006/02/17 02:16:14 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Μіcrosoft.NET
[2006/02/17 02:16:14 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Μіcrosoft.NET
[2006/02/17 02:16:13 | 000,000,000 | ---D | M](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fοnts
[2006/02/17 02:16:13 | 000,000,000 | ---D | C](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fοnts
[2006/02/17 02:16:12 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?icrosoft) -- C:\WINDOWS\System32\Мicrosoft
[2006/02/17 02:16:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft) -- C:\Program Files\Common Files\Мicrosoft
[2006/02/17 02:16:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft) -- C:\Program Files\Common Files\Мicrosoft
[2006/02/17 02:16:12 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?icrosoft) -- C:\WINDOWS\System32\Мicrosoft
[2006/02/17 02:16:11 | 000,000,000 | ---D | M](C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
[2006/02/17 02:16:11 | 000,000,000 | ---D | M](C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
[2006/02/17 02:16:10 | 000,000,000 | ---D | M](C:\WINDOWS\System32\T?sks) -- C:\WINDOWS\System32\Tаsks
[2006/02/17 02:16:10 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\My Documents\T?sks) -- C:\Documents and Settings\Owner\My Documents\Tаsks
[2006/02/17 02:16:10 | 000,000,000 | ---D | C](C:\WINDOWS\System32\T?sks) -- C:\WINDOWS\System32\Tаsks
[2006/02/17 02:16:10 | 000,000,000 | ---D | C](C:\Documents and Settings\Owner\My Documents\T?sks) -- C:\Documents and Settings\Owner\My Documents\Tаsks
[2006/02/17 02:16:09 | 000,000,000 | ---D | M](C:\WINDOWS\System32\s?mbols) -- C:\WINDOWS\System32\sуmbols
[2006/02/17 02:16:09 | 000,000,000 | ---D | C](C:\WINDOWS\System32\s?mbols) -- C:\WINDOWS\System32\sуmbols
[2006/02/17 02:16:08 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
[2006/02/17 02:16:08 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
[2006/02/17 02:16:07 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?racle) -- C:\WINDOWS\System32\Οracle
[2006/02/17 02:16:07 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Οracle
[2006/02/17 02:16:07 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Οracle
[2006/02/17 02:16:07 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?racle) -- C:\WINDOWS\System32\Οracle
[2006/02/17 02:16:06 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?icrosoft) -- C:\WINDOWS\System32\Μicrosoft
[2006/02/17 02:16:06 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?icrosoft) -- C:\Documents and Settings\Owner\Application Data\Μicrosoft
[2006/02/17 02:16:06 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?icrosoft) -- C:\Documents and Settings\Owner\Application Data\Μicrosoft
[2006/02/17 02:16:06 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?icrosoft) -- C:\WINDOWS\System32\Μicrosoft
[2006/02/17 02:16:05 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??pPatch) -- C:\Documents and Settings\Owner\Application Data\ΑрpPatch
[2006/02/17 02:16:05 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??pPatch) -- C:\Documents and Settings\Owner\Application Data\ΑрpPatch
[2006/02/17 02:16:04 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??mantec) -- C:\Documents and Settings\Owner\Application Data\Ѕуmantec
[2006/02/17 02:16:04 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\??mantec) -- C:\Documents and Settings\Owner\Application Data\Ѕуmantec
[2006/02/17 02:16:03 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ssembly) -- C:\Documents and Settings\Owner\Application Data\аssembly
[2006/02/17 02:16:03 | 000,000,000 | ---D | M](C:\Documents and Settings\Owner\Application Data\?ssembly) -- C:\Documents and Settings\Owner\Application Data\аssembly
[2006/02/17 02:16:02 | 000,000,000 | ---D | M](C:\WINDOWS\W?nSxS) -- C:\WINDOWS\WіnSxS
[2006/02/17 02:16:02 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
[2006/02/17 02:16:02 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
[2006/02/17 02:16:02 | 000,000,000 | ---D | C](C:\WINDOWS\W?nSxS) -- C:\WINDOWS\WіnSxS
[2006/02/14 02:13:40 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\АрpPatch
[2006/02/14 02:13:40 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\АрpPatch
[2006/02/08 16:46:40 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ystem32) -- C:\WINDOWS\System32\ѕystem32
[2006/02/08 16:46:40 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ystem32) -- C:\WINDOWS\System32\ѕystem32
[2006/02/06 09:53:14 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\ѕеcurity
[2006/02/06 09:53:14 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\ѕеcurity
(C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
(C:\Program Files\T?sks) -- C:\Program Files\Tаsks
(C:\Program Files\s?stem32) -- C:\Program Files\sуstem32
(C:\Program Files\s?stem) -- C:\Program Files\sуstem
(C:\Program Files\s?mbols) -- C:\Program Files\sуmbols
(C:\Program Files\S?mantec) -- C:\Program Files\Sуmantec
(C:\Program Files\s?curity) -- C:\Program Files\sеcurity
(C:\Program Files\M?crosoft.NET) -- C:\Program Files\Mіcrosoft.NET
(C:\Program Files\M?crosoft) -- C:\Program Files\Mіcrosoft
(C:\Program Files\F?nts) -- C:\Program Files\Fоnts
(C:\Program Files\F?nts) -- C:\Program Files\Fοnts
(C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
(C:\Program Files\Common Files\T?sks) -- C:\Program Files\Common Files\Tаsks
(C:\Program Files\Common Files\s?stem32) -- C:\Program Files\Common Files\sуstem32
(C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
(C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
(C:\Program Files\Common Files\S?mantec) -- C:\Program Files\Common Files\Sуmantec
(C:\Program Files\Common Files\s?curity) -- C:\Program Files\Common Files\sеcurity
(C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
(C:\Program Files\Common Files\M?crosoft) -- C:\Program Files\Common Files\Mіcrosoft
(C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
(C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fοnts
(C:\Program Files\Common Files\a?sembly) -- C:\Program Files\Common Files\aѕsembly
(C:\Program Files\Common Files\A?pPatch) -- C:\Program Files\Common Files\AрpPatch
(C:\Program Files\Common Files\?ystem32) -- C:\Program Files\Common Files\ѕystem32
(C:\Program Files\Common Files\?ystem) -- C:\Program Files\Common Files\ѕystem
(C:\Program Files\Common Files\?ymbols) -- C:\Program Files\Common Files\ѕymbols
(C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
(C:\Program Files\Common Files\?ssembly) -- C:\Program Files\Common Files\аssembly
(C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Оracle
(C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
(C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\АppPatch
(C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\ΑppPatch
(C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Мicrosoft.NET
(C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Μicrosoft.NET
(C:\Program Files\Common Files\?icrosoft) -- C:\Program Files\Common Files\Мicrosoft
(C:\Program Files\Common Files\?icrosoft) -- C:\Program Files\Common Files\Μicrosoft
(C:\Program Files\Common Files\?ecurity) -- C:\Program Files\Common Files\ѕecurity
(C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
(C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
(C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Тasks
(C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Τasks
(C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
(C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
(C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Таsks
(C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
(C:\Program Files\Common Files\??sembly) -- C:\Program Files\Common Files\аѕsembly
(C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\АрpPatch
(C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\ΑрpPatch
(C:\Program Files\Common Files\??mbols) -- C:\Program Files\Common Files\ѕуmbols
(C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
(C:\Program Files\Common Files\??curity) -- C:\Program Files\Common Files\ѕеcurity
(C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Міcrosoft.NET
(C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Μіcrosoft.NET
(C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Міcrosoft
(C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Μіcrosoft
(C:\Program Files\a?sembly) -- C:\Program Files\aѕsembly
(C:\Program Files\A?pPatch) -- C:\Program Files\AрpPatch
(C:\Program Files\?ystem32) -- C:\Program Files\ѕystem32
(C:\Program Files\?ystem) -- C:\Program Files\ѕystem
(C:\Program Files\?ymbols) -- C:\Program Files\ѕymbols
(C:\Program Files\?ssembly) -- C:\Program Files\аssembly
(C:\Program Files\?racle) -- C:\Program Files\Оracle
(C:\Program Files\?racle) -- C:\Program Files\Οracle
(C:\Program Files\?ppPatch) -- C:\Program Files\АppPatch
(C:\Program Files\?ppPatch) -- C:\Program Files\ΑppPatch
(C:\Program Files\?icrosoft.NET) -- C:\Program Files\Мicrosoft.NET
(C:\Program Files\?icrosoft.NET) -- C:\Program Files\Μicrosoft.NET
(C:\Program Files\?icrosoft) -- C:\Program Files\Мicrosoft
(C:\Program Files\?icrosoft) -- C:\Program Files\Μicrosoft
(C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
(C:\Program Files\?dobe) -- C:\Program Files\Аdobe
(C:\Program Files\?dobe) -- C:\Program Files\Αdobe
(C:\Program Files\?asks) -- C:\Program Files\Тasks
(C:\Program Files\?asks) -- C:\Program Files\Τasks
(C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
(C:\Program Files\??stem) -- C:\Program Files\ѕуstem
(C:\Program Files\??sks) -- C:\Program Files\Таsks
(C:\Program Files\??sks) -- C:\Program Files\Τаsks
(C:\Program Files\??sembly) -- C:\Program Files\аѕsembly
(C:\Program Files\??pPatch) -- C:\Program Files\АрpPatch
(C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
(C:\Program Files\??mbols) -- C:\Program Files\ѕуmbols
(C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
(C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
(C:\Program Files\??crosoft.NET) -- C:\Program Files\Міcrosoft.NET
(C:\Program Files\??crosoft.NET) -- C:\Program Files\Μіcrosoft.NET
(C:\Program Files\??crosoft) -- C:\Program Files\Міcrosoft
(C:\Program Files\??crosoft) -- C:\Program Files\Μіcrosoft
(C:\Documents and Settings\Owner\Application Data\W?nSxS) -- C:\Documents and Settings\Owner\Application Data\WіnSxS
(C:\Documents and Settings\Owner\Application Data\T?sks) -- C:\Documents and Settings\Owner\Application Data\Tаsks
(C:\Documents and Settings\Owner\Application Data\s?stem32) -- C:\Documents and Settings\Owner\Application Data\sуstem32
(C:\Documents and Settings\Owner\Application Data\s?stem) -- C:\Documents and Settings\Owner\Application Data\sуstem
(C:\Documents and Settings\Owner\Application Data\s?mbols) -- C:\Documents and Settings\Owner\Application Data\sуmbols
(C:\Documents and Settings\Owner\Application Data\S?mantec) -- C:\Documents and Settings\Owner\Application Data\Sуmantec
(C:\Documents and Settings\Owner\Application Data\s?curity) -- C:\Documents and Settings\Owner\Application Data\sеcurity
(C:\Documents and Settings\Owner\Application Data\M?crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Mіcrosoft.NET
(C:\Documents and Settings\Owner\Application Data\M?crosoft) -- C:\Documents and Settings\Owner\Application Data\Mіcrosoft
(C:\Documents and Settings\Owner\Application Data\F?nts) -- C:\Documents and Settings\Owner\Application Data\Fоnts
(C:\Documents and Settings\Owner\Application Data\F?nts) -- C:\Documents and Settings\Owner\Application Data\Fοnts
(C:\Documents and Settings\Owner\Application Data\a?sembly) -- C:\Documents and Settings\Owner\Application Data\aѕsembly
(C:\Documents and Settings\Owner\Application Data\A?pPatch) -- C:\Documents and Settings\Owner\Application Data\AрpPatch
(C:\Documents and Settings\Owner\Application Data\?ystem32) -- C:\Documents and Settings\Owner\Application Data\ѕystem32
(C:\Documents and Settings\Owner\Application Data\?ystem) -- C:\Documents and Settings\Owner\Application Data\ѕystem
(C:\Documents and Settings\Owner\Application Data\?ymbols) -- C:\Documents and Settings\Owner\Application Data\ѕymbols
(C:\Documents and Settings\Owner\Application Data\?ymantec) -- C:\Documents and Settings\Owner\Application Data\Ѕymantec
(C:\Documents and Settings\Owner\Application Data\?ssembly) -- C:\Documents and Settings\Owner\Application Data\аssembly
(C:\Documents and Settings\Owner\Application Data\?racle) -- C:\Documents and Settings\Owner\Application Data\Оracle
(C:\Documents and Settings\Owner\Application Data\?racle) -- C:\Documents and Settings\Owner\Application Data\Οracle
(C:\Documents and Settings\Owner\Application Data\?ppPatch) -- C:\Documents and Settings\Owner\Application Data\АppPatch
(C:\Documents and Settings\Owner\Application Data\?ppPatch) -- C:\Documents and Settings\Owner\Application Data\ΑppPatch
(C:\Documents and Settings\Owner\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Мicrosoft.NET
(C:\Documents and Settings\Owner\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Μicrosoft.NET
(C:\Documents and Settings\Owner\Application Data\?icrosoft) -- C:\Documents and Settings\Owner\Application Data\Мicrosoft
(C:\Documents and Settings\Owner\Application Data\?icrosoft) -- C:\Documents and Settings\Owner\Application Data\Μicrosoft
(C:\Documents and Settings\Owner\Application Data\?ecurity) -- C:\Documents and Settings\Owner\Application Data\ѕecurity
(C:\Documents and Settings\Owner\Application Data\?dobe) -- C:\Documents and Settings\Owner\Application Data\Аdobe
(C:\Documents and Settings\Owner\Application Data\?dobe) -- C:\Documents and Settings\Owner\Application Data\Αdobe
(C:\Documents and Settings\Owner\Application Data\?asks) -- C:\Documents and Settings\Owner\Application Data\Тasks
(C:\Documents and Settings\Owner\Application Data\?asks) -- C:\Documents and Settings\Owner\Application Data\Τasks
(C:\Documents and Settings\Owner\Application Data\??stem32) -- C:\Documents and Settings\Owner\Application Data\ѕуstem32
(C:\Documents and Settings\Owner\Application Data\??stem) -- C:\Documents and Settings\Owner\Application Data\ѕуstem
(C:\Documents and Settings\Owner\Application Data\??sks) -- C:\Documents and Settings\Owner\Application Data\Таsks
(C:\Documents and Settings\Owner\Application Data\??sks) -- C:\Documents and Settings\Owner\Application Data\Τаsks
(C:\Documents and Settings\Owner\Application Data\??sembly) -- C:\Documents and Settings\Owner\Application Data\аѕsembly
(C:\Documents and Settings\Owner\Application Data\??pPatch) -- C:\Documents and Settings\Owner\Application Data\АрpPatch
(C:\Documents and Settings\Owner\Application Data\??pPatch) -- C:\Documents and Settings\Owner\Application Data\ΑрpPatch
(C:\Documents and Settings\Owner\Application Data\??mbols) -- C:\Documents and Settings\Owner\Application Data\ѕуmbols
(C:\Documents and Settings\Owner\Application Data\??mantec) -- C:\Documents and Settings\Owner\Application Data\Ѕуmantec
(C:\Documents and Settings\Owner\Application Data\??curity) -- C:\Documents and Settings\Owner\Application Data\ѕеcurity
(C:\Documents and Settings\Owner\Application Data\??crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Міcrosoft.NET
(C:\Documents and Settings\Owner\Application Data\??crosoft.NET) -- C:\Documents and Settings\Owner\Application Data\Μіcrosoft.NET
(C:\Documents and Settings\Owner\Application Data\??crosoft) -- C:\Documents and Settings\Owner\Application Data\Міcrosoft
(C:\Documents and Settings\Owner\Application Data\??crosoft) -- C:\Documents and Settings\Owner\Application Data\Μіcrosoft

< End of report >

=============================================================================================================================================

OTL Extras logfile created on: 7/8/2011 12:53:07 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.36 Mb Total Physical Memory | 145.37 Mb Available Physical Memory | 30.33% Memory free
1.10 Gb Paging File | 0.86 Gb Available in Paging File | 78.38% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.15 Gb Total Space | 17.15 Gb Free Space | 32.88% Space Free | Partition Type: NTFS
Drive D: | 3.72 Gb Total Space | 1.67 Gb Free Space | 44.89% Space Free | Partition Type: FAT32

Computer Name: MXF-M930916G | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3160568925-3770676213-1693977076-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Gateway\HPA\gwmenu.exe" = C:\Program Files\Gateway\HPA\gwmenu.exe:*:Enabled:HPA/SCCD/SRCD New Code -- (Gateway Computers)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- (Nortel Networks NA, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1A0F7DFF-6F13-458C-8EC3-5386E8C251C6}" = BlackBerry Device Software Updater
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{536F7C74-844B-4683-B0C5-EA39E19A6FE3}" = Microsoft AntiSpyware
"{5783F2D7-4001-0409-0002-0060B0CE6BBA}" = AutoCAD 2006 - English
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{742A1782-5F1C-4663-A638-DA10E845A2F9}" = ArcSoft Camera Suite
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006 with GPS Locator
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB874}_is1" = TypingMaster TypingTest
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{A607AC66-0C76-4519-9751-E12A93BF8EB2}" = Digital Media Reader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E5145D2D-793B-4A16-BA42-3F13EEAA7D5E}" = iTunes
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Instant Messenger" = AOL Instant Messenger
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"avast" = avast! Free Antivirus
"BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_202F161F" = SoftK56 Data Fax
"Conexant PCI Audio" = Conexant AC-Link Audio
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{A607AC66-0C76-4519-9751-E12A93BF8EB2}" = Digital Media Reader
"InterActual Player" = InterActual Player
"LastFM_is1" = Last.fm 1.4.2.59470
"LimeWire" = LimeWire 4.9.30
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Matlab 6.5" = MATLAB 6.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"RapidTyping" = RapidTyping
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"SpeedXP" = SpeedXP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ten Thumbs_is1" = Ten Thumbs 4.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3160568925-3770676213-1693977076-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2011 1:06:57 PM | Computer Name = MXF-M930916G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 7/7/2011 1:06:57 PM | Computer Name = MXF-M930916G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 7/7/2011 10:46:29 PM | Computer Name = MXF-M930916G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 7/7/2011 10:46:29 PM | Computer Name = MXF-M930916G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 7/7/2011 11:37:35 PM | Computer Name = MXF-M930916G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 7/7/2011 11:37:35 PM | Computer Name = MXF-M930916G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 7/7/2011 11:59:18 PM | Computer Name = MXF-M930916G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 7/7/2011 11:59:18 PM | Computer Name = MXF-M930916G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 7/8/2011 12:03:52 AM | Computer Name = MXF-M930916G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 7/8/2011 12:03:52 AM | Computer Name = MXF-M930916G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

[ OSession Events ]
Error - 6/13/2007 3:11:33 AM | Computer Name = MXF-M930916G | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17899
seconds with 5760 seconds of active time. This session ended with a crash.

Error - 12/6/2007 8:39:56 PM | Computer Name = MXF-M930916G | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 74998
seconds with 2400 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/7/2011 10:47:54 PM | Computer Name = MXF-M930916G | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 7/7/2011 11:55:02 PM | Computer Name = MXF-M930916G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service
to connect.

Error - 7/7/2011 11:55:03 PM | Computer Name = MXF-M930916G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveShare P2P Server
9 service to connect.

Error - 7/7/2011 11:55:03 PM | Computer Name = MXF-M930916G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 7/7/2011 11:55:16 PM | Computer Name = MXF-M930916G | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {0362CF9D-0926-42A6-A629-46FF9B948725}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

Error - 7/8/2011 12:31:55 AM | Computer Name = MXF-M930916G | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.119 for the Network Card with network
address 00904BCB67B6 has been denied by the DHCP server 10.128.128.128 (The DHCP
Server sent a DHCPNACK message).

Error - 7/8/2011 12:32:47 AM | Computer Name = MXF-M930916G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Upnp Server 9 service
to connect.

Error - 7/8/2011 12:32:47 AM | Computer Name = MXF-M930916G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveShare P2P Server
9 service to connect.

Error - 7/8/2011 12:32:47 AM | Computer Name = MXF-M930916G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 7/8/2011 12:33:33 AM | Computer Name = MXF-M930916G | Source = RemoteAccess | ID = 20106
Description = Unable to add the interface {0362CF9D-0926-42A6-A629-46FF9B948725}
with the Router Manager for the IP protocol. The following error occurred: Cannot
complete this function.

< End of report >

Back to top

#12 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 06:16 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 9h 20m 43s

Posted 08 July 2011 - 03:24 PM

Good news :)

Quote

479.36 Mb Total Physical Memory

That computer could use another 512MB of RAM for better performance.

1. Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

=====================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O3 - HKLM\..\Toolbar: (no name) - {4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O37 - HKU\S-1-5-21-3160568925-3770676213-1693977076-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
[3 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010/04/21 05:02:36 | 000,011,320 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\760y
[2010/04/21 05:02:36 | 000,011,320 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\760y
[2007/04/02 03:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/04/02 03:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2005/05/16 17:46:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2005/05/16 17:46:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job


:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

==================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Back to top

#13 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 08:16 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 08 July 2011 - 08:18 PM

Ok I will let him know he can upgrade the ram to maybe even 1 gb, i will have to see the max for this laptop. Thanks! Got the java updated.

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3160568925-3770676213-1693977076-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3160568925-3770676213-1693977076-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-3160568925-3770676213-1693977076-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3160568925-3770676213-1693977076-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3160568925-3770676213-1693977076-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_USERS\S-1-5-21-3160568925-3770676213-1693977076-1003_Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-3160568925-3770676213-1693977076-1003_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File/Folder C:\Documents and Settings\Owner\Desktop\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\760y not found.
File C:\Documents and Settings\All Users\Application Data\760y not found.
Folder C:\Documents and Settings\All Users\Application Data\Viewpoint\ not found.
Folder C:\Documents and Settings\Owner\Application Data\Viewpoint\ not found.
File C:\WINDOWS\Tasks\ISP signup reminder 2.job not found.
File C:\WINDOWS\Tasks\ISP signup reminder 3.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 79 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3780316 bytes
->Flash cache emptied: 41139 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 36429 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07082011_122434

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

=======================================================================================================================================

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.0.22.87
Adobe Reader 6.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.19) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

=======================================================================================================================================

eset scan

C:\Documents and Settings\Owner\Desktop\Gateway Laptop\New Folder\Webroot SpySweeper v4.5.9.709.rar a variant of Win32/Keygen.AD application
C:\Program Files\SpeedXP\setup\gendel32.ex_ Win32/HackTool.Gendel.A trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\720672f\18.mof.vir Win32/RogueAV.A trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\dLhChKi06511\dLhChKi06511.exe.vir a variant of Win32/Kryptik.KUE trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP834\A0434354.mof Win32/RogueAV.A trojan
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP834\A0434361.exe a variant of Win32/Kryptik.KUE trojan

Back to top

#14 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 06:16 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 9h 20m 43s

Posted 08 July 2011 - 08:21 PM

1 gig will be plenty for XP.

Update Firefox to the current 5.0 version.

Update Adobe Reader

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

==============================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL

:Services

:Reg

:Files
C:\Documents and Settings\Owner\Desktop\Gateway Laptop\New  Folder\Webroot SpySweeper v4.5.9.709.rar	
C:\Program Files\SpeedXP\setup\gendel32.ex_

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

==========================================================================

Your computer is clean Posted Image

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...ning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html

13. Please, let me know, how your computer is doing.

Back to top

#15 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Member

161 posts
Joined: June 23, 2011
15 topics
Skin: IP.Board
Local time: 08:16 PM

Zodiac:Aries
OS:Windows 7
Country:

Offline

Time Online: 3d 20h 16m 27s

Posted 08 July 2011 - 10:52 PM

The laptop is running very good now! Doing windows updates and running Secunia now. Thanks!

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Documents and Settings\Owner\Desktop\Gateway Laptop\New Folder\Webroot SpySweeper v4.5.9.709.rar not found.
C:\Program Files\SpeedXP\setup\gendel32.ex_ moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 4639677 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7350182 bytes
->Flash cache emptied: 343 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07082011_175937

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

=======================================================================================================================================

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 2898 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7211219 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.26.1 log created on 07082011_182621

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Back to top

#16 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 06:16 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 9h 20m 43s

Posted 08 July 2011 - 10:53 PM

Way to go!! Posted Image

Good luck and stay safe :)

Back to top

Back to Virus, Spyware and Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

[RESOLVED] Friends old Win XP Gateway laptop madbly infected

#1 ProblemsRBad

#2 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#3 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#4 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#5 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#6 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#7 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#8 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#9 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#10 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#11 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#12 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#13 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#14 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#15 ProblemsRBad Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

#16 Broni Re: [RESOLVED] Friends old Win XP Gateway laptop madbly infected

1 user(s) are reading this topic

This topic has been visited by 0 user(s)