  1. #1
    jmk

    Winsock 10050 error and rootkit

    Hello,
    I'm writing about a persistent problem I'm having ever since I removed, or thought I removed, the Windows XP Security ScareWare Trojan with Malwarebytes.

    Now, I have 1) no internet connection, 2) Avast! finds a rootkit threat, and when I tried to diagnose the internet connection problem, it showed a 3) winsock 10050 error.

    Also, certain files will open, such as Malwarebytes and SUPERAntiSpyware, but other files will not open, such as TDSSKiller. The TDSSKiller would not even open after I renamed it "123abc.com" as was suggested in a previous thread initiated by turqoise22.

    Please advise
    and thank you.
    JMK

  2. #2
    jmk

    Hello,
    I've looked at some of the similar threads and tried to run the DDS diagnostic tool but the computer freezes up. This will be the third time I've tried to run it and each time the computer freezes up. Even the clock stops. In any event, I'll try some of the other diagnostic tools suggested in the threads associated with lpmichaelson and turqoise22.
    Thanks again,
    jmk

  3. #3
    jmk

    Hello,
    I ran the aswMBR tool.

    Here is the log:
    aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-21 20:41:58
    -----------------------------
    20:41:58.171 OS Version: Windows 5.1.2600 Service Pack 3
    20:41:58.171 Number of processors: 1 586 0x304
    20:41:58.171 ComputerName: KEATING-DESKTOP UserName: Administrator
    20:42:01.671 Initialze error 0 - driver not loaded
    20:42:05.031 AVAST engine defs: 11121102
    20:42:20.859 Service scanning
    20:42:21.562 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
    20:42:22.296 Modules scanning
    20:42:22.296 Disk 0 trace - called modules:
    20:42:22.296
    20:42:23.078 AVAST engine scan C:\WINDOWS
    20:42:29.218 AVAST engine scan C:\WINDOWS\system32
    20:43:43.171 AVAST engine scan C:\WINDOWS\system32\drivers
    20:43:53.218 AVAST engine scan C:\Documents and Settings\Administrator
    20:48:45.859 AVAST engine scan C:\Documents and Settings\All Users
    20:49:11.718 Scan finished successfully
    20:50:44.062 The log file has been saved successfully to "F:\aswMBR.txt"

    Thank you,
    jmk

  4. #4
    jmk

    Hello,
    I've also just performed the following 3 tests to revive internet connection without success (this is copied from the turquise22 thread):

    1.

    Go to Start -> Control Panel -> Network and Internet Connection ->Network Connections.
    Right-click your default connection, usually Local Area Connection or Dial-up Connection (if you are using dial-up), and left-click on the Properties option.
    Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically".
    Click OK twice.
    Go to Start -> Run...
    In the Open: field type cmd and click OK or hit Enter.
    This will open a Command Prompt.
    At the DOS prompt screen, type in ipconfig /flushdns and then press Enter (notice the space between "ipconfig" and "/flushdns").
    Exit the Command Prompt.
    Reboot your PC and try to open any website.



    Go to Start -> Run...
    In the Open: field type cmd and click OK or hit Enter.
    This will open a Command Prompt.
    At the DOS prompt screen, type in netsh winsock reset and then press Enter (notice the space between each word)
    Exit the Command Prompt.
    Reboot your PC and try to open any website.


    2.
    We need to check your hard disk for errors.

    To check the volume for errors:

    Click start and then My Computer.
    Right click the drive C and select Properties.
    Under Tools tab press Check Now...
    Put a check mark in both items and press start.
    If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.

    *NOTE: This scan could take a long time to complete, but let it finish.


    3.

    Go to Start -> Run...
    Type in sfc /scannow in the command window and press enter.
    Note the space between the c and the /
    If any files require replacing, SFC will replace them. You may be asked to insert your Windows XP disc for this process to continue. This can be done with a borrowed XP disc if you don't have one.
    Be patient because the scan may take some time.
    Allow the scan to run and when completed, reboot the system.

    Thank you,
    jmk

  5. #5
    jmk

    Did I forget to include something in my posts?

  6. #6
    Member Spyware Fighter

    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  7. #7
    jmk

    Hello,
    Thank you for your response.
    The problem is not resolved. I don't have the Windows CD. I'll keep looking and post if I find it. The problems described in my first post have not changed. I burned about 2 hours trying to get the DDS scan to work. It did not. Each time I ran DDS the computer freezes. I disabled Avast, disabled the wireless connection but the scan would churn for 15 min or so and then the computer would freeze up. Each time I started the scan, the wireless connection would pop up in the system tray but I would close it.

    I ran the aswMBR:
    aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-03 21:09:45
    -----------------------------
    21:09:45.000 OS Version: Windows 5.1.2600 Service Pack 3
    21:09:45.000 Number of processors: 1 586 0x304
    21:09:45.000 ComputerName: KEATING-DESKTOP UserName: Administrator
    21:09:46.093 Initialze error 0 - driver not loaded
    21:09:46.234 AVAST engine defs: 11121102
    21:09:48.296 Service scanning
    21:09:49.750 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
    21:09:50.781 Modules scanning
    21:09:50.781 Disk 0 trace - called modules:
    21:09:50.781
    21:09:51.593 AVAST engine scan C:\WINDOWS
    21:09:58.812 AVAST engine scan C:\WINDOWS\system32
    21:11:25.828 AVAST engine scan C:\WINDOWS\system32\drivers
    21:11:36.500 AVAST engine scan C:\Documents and Settings\Administrator
    21:18:01.703 AVAST engine scan C:\Documents and Settings\All Users
    21:18:23.578 Scan finished successfully
    21:18:41.390 The log file has been saved successfully to "E:\diagnostics\aswMBR.txt"

    My best wishes for 2012.
    jmk

  8. #8
    Member Spyware Fighter

    Hello,

    Try these 2 scanners. If they don't work, try them in Safe Mode.


    1.

    1. Please download OTL from one of the following mirrors:
      • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


    2.
    Please download MBRCheck to your desktop.

    1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
    2. It will open a black window, please do not fix anything (if it gives you an option).
    3. Exit that window and it will produce a log (MBRCheck_date_time).
    4. Please post that log when you reply.




  9. #9
    jmk

    OTL, OTL extra, and MBRcheck logs

    Hello,

    OTL log:

    OTL logfile created on: 1/4/2012 8:40:43 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = E:\diagnostics
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.49 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 67.12% Memory free
    3.08 Gb Paging File | 2.40 Gb Available in Paging File | 77.76% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 182.48 Gb Free Space | 78.36% Space Free | Partition Type: NTFS
    Drive D: | 6.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 245.27 Mb Total Space | 231.28 Mb Free Space | 94.29% Space Free | Partition Type: FAT

    Computer Name: KEATING-DESKTOP | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/04 08:30:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\diagnostics\OTL.exe
    PRC - [2011/12/08 19:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/08/22 05:22:47 | 000,028,672 | ---- | M] (DataViz, Inc.) -- C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/05/04 16:49:32 | 002,942,608 | R--- | M] (Carbonite, Inc. (Online Backup)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2010/05/04 16:49:30 | 000,865,424 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2010/03/31 02:24:11 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2008/08/22 04:02:34 | 000,390,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/11/07 18:02:10 | 000,253,952 | ---- | M] () -- C:\Program Files\USB 2.0 WebCam Device\Monitor.exe
    PRC - [2003/05/12 14:02:26 | 000,270,336 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    PRC - [2003/05/12 14:02:26 | 000,053,248 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    PRC - [2003/01/31 19:49:34 | 000,098,304 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    PRC - [2003/01/17 14:58:40 | 000,024,576 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Compaq\Compaq Management Agents\cpqWebDmi\Webdmi.exe
    PRC - [2003/01/17 14:53:28 | 000,020,480 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\Compaq\Compaq Management Agents\Cpqdmi.exe
    PRC - [2003/01/17 14:53:12 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Compaq\Compaq Management Agents\Chkadmin.exe
    PRC - [2003/01/17 14:49:24 | 000,512,000 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Compaq\Compaq Management Agents\Cpqalert.exe
    PRC - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    PRC - [2002/05/28 05:37:16 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    PRC - [2001/04/11 09:33:46 | 000,215,552 | ---- | M] (Intel) -- C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/04 08:38:51 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012/01/04 08:38:51 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2011/12/21 08:18:31 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2011/12/21 08:18:30 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2011/12/11 12:44:22 | 001,646,080 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11121102\algo.dll
    MOD - [2011/12/07 18:32:09 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11121102\aswRep.dll
    MOD - [2010/01/31 22:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
    MOD - [2010/01/31 22:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
    MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2007/11/07 18:02:10 | 000,253,952 | ---- | M] () -- C:\Program Files\USB 2.0 WebCam Device\Monitor.exe
    MOD - [2003/05/12 14:02:32 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBKPP5C.DLL
    MOD - [2003/05/12 14:02:26 | 000,049,152 | ---- | M] () -- C:\Program Files\Dell AIO Printer A920\ConvDIB.dll
    MOD - [2003/01/17 14:55:02 | 000,143,360 | ---- | M] () -- C:\Program Files\Compaq\Compaq Management Agents\CpqAoLan.dll
    MOD - [2001/04/11 09:33:44 | 000,018,944 | ---- | M] () -- C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Dmiapi32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/02/12 11:54:23 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2010/05/04 16:49:32 | 002,942,608 | R--- | M] (Carbonite, Inc. (Online Backup)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2003/01/17 14:58:40 | 000,024,576 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Compaq\Compaq Management Agents\cpqWebDmi\Webdmi.exe -- (cpqWebDmi)
    SRV - [2003/01/17 14:53:28 | 000,020,480 | ---- | M] (Compaq Computer Corporation) [Auto | Running] -- C:\Program Files\Compaq\Compaq Management Agents\Cpqdmi.exe -- (cpqdmi)
    SRV - [2003/01/17 14:49:24 | 000,512,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Compaq\Compaq Management Agents\Cpqalert.exe -- (CPQALERT)
    SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
    SRV - [2001/04/11 09:33:46 | 000,215,552 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe -- (WIN32SL)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/02/12 11:54:27 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2008/04/10 16:29:22 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2008/04/10 16:29:22 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2007/10/16 13:36:04 | 002,329,216 | ---- | M] (Digital Camera) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ca522Bv.sys -- (Ca522bv)
    DRV - [2007/07/28 03:10:18 | 000,483,968 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
    DRV - [2007/05/23 16:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2006/05/02 12:38:42 | 000,110,720 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
    DRV - [2004/08/03 19:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
    DRV - [2004/08/03 19:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
    DRV - [2004/08/03 19:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
    DRV - [2004/08/03 19:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
    DRV - [2004/08/03 19:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
    DRV - [2004/08/03 19:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
    DRV - [2004/08/03 19:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
    DRV - [2004/08/03 19:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
    DRV - [2004/08/03 19:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
    DRV - [2004/08/03 19:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
    DRV - [2004/08/03 19:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
    DRV - [2004/08/03 19:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
    DRV - [2004/08/03 19:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
    DRV - [2004/08/03 19:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
    DRV - [2004/08/03 19:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
    DRV - [2003/12/01 14:46:22 | 000,259,200 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
    DRV - [2003/12/01 14:46:22 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
    DRV - [2003/12/01 14:46:22 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
    DRV - [2003/12/01 14:46:22 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2003/12/01 14:46:22 | 000,022,745 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2003/12/01 14:46:22 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2003/02/25 11:18:08 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2003/02/05 15:22:32 | 000,050,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
    DRV - [2002/08/19 13:35:44 | 000,019,845 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Cpqdfw.sys -- (cpqdfw)
    DRV - [2002/05/10 14:32:58 | 000,054,272 | ---- | M] (Hewlett-Packard) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Clntmgmt.sys -- (ClntMgmt)
    DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = HP Desktop web portal -- HP Small and Medium Business

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = HP Desktop web portal -- HP Small and Medium Business
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&gl=us"
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.1.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/06 18:07:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 17:58:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/24 05:25:26 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Administrator\Application Data\Move Networks [2009/09/16 19:53:05 | 000,000,000 | ---D | M]

    [2010/07/11 19:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2011/09/21 13:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\18aawjjq.default\extensions
    [2010/09/25 06:47:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\18aawjjq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/09/21 13:15:53 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\18aawjjq.default\extensions\zotero@chnm.gmu.edu
    [2011/11/09 17:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/19 12:46:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/11/09 17:58:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/01/19 12:46:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/09 17:58:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: avast! WebRep = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367_0\

    Hosts file not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [ChkAdmin] C:\Program Files\Compaq\Compaq Management Agents\Chkadmin.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
    O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
    O4 - HKCU..\Run: [9Fu7vaQKCGlaGo] C:\Documents and Settings\All Users\Application Data\9Fu7vaQKCGlaGo.exe File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Palm Registration.lnk = C:\Program Files\Palm\register.exe (Palm/Leader Technologies)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\USB 2.0 WebCam Device\Monitor.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
    O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.4.2_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2882F54-1432-4F9B-88C6-23193D80B676}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/12/02 16:21:58 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2003/09/23 14:57:56 | 000,000,073 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
    O33 - MountPoints2\{159757e5-a4bb-11dd-a720-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{159757e5-a4bb-11dd-a720-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{159757e5-a4bb-11dd-a720-806d6172696f}\Shell\AutoRun\command - "" = D:\install.EXE id= ver=1.0.0.0
    O33 - MountPoints2\{ecf77659-6249-11de-b910-001fd00ee6a3}\Shell - "" = AutoRun
    O33 - MountPoints2\{ecf77659-6249-11de-b910-001fd00ee6a3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ecf77659-6249-11de-b910-001fd00ee6a3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/03 14:08:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2011/12/21 19:11:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
    [2011/12/21 08:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2011/12/21 08:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/12/21 08:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/12/21 08:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/12/20 23:17:59 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2011/12/20 23:17:52 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2011/12/20 23:17:47 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2011/12/20 23:17:43 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2011/12/20 23:17:38 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2011/12/20 23:17:33 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2011/12/20 23:17:28 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2011/12/20 23:17:25 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2011/12/20 23:17:11 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2011/12/20 23:16:54 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2011/12/20 23:16:50 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2011/12/20 23:16:47 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2011/12/20 23:16:41 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2011/12/20 23:16:20 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2011/12/20 23:16:05 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2011/12/20 23:16:02 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2011/12/20 23:15:47 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2011/12/20 23:15:44 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2011/12/20 23:15:40 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2011/12/20 23:15:36 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2011/12/20 23:15:33 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2011/12/20 23:15:29 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2011/12/20 23:14:56 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2011/12/20 23:14:50 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2011/12/20 23:14:47 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2011/12/20 23:14:45 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2011/12/20 23:14:41 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2011/12/20 23:14:38 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2011/12/20 23:14:25 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2011/12/20 23:14:22 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2011/12/20 23:13:51 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2011/12/20 23:13:48 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2011/12/20 23:13:45 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2011/12/20 23:13:41 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2011/12/20 23:13:35 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2011/12/20 23:13:15 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
    [2011/12/20 23:12:47 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2011/12/20 23:12:43 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2011/12/20 23:12:39 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2011/12/20 23:12:36 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2011/12/20 23:12:33 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2011/12/20 23:12:07 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2011/12/20 23:12:04 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2011/12/20 23:12:00 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2011/12/20 23:11:53 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2011/12/20 23:11:24 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2011/12/20 23:11:21 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2011/12/20 23:11:18 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2011/12/20 23:11:14 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2011/12/20 23:10:49 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2011/12/20 23:10:42 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2011/12/20 23:10:39 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2011/12/20 23:10:23 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2011/12/20 23:10:20 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2011/12/20 23:10:17 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2011/12/20 23:10:13 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2011/12/20 23:10:10 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2011/12/20 23:10:07 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2011/12/20 23:10:03 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2011/12/20 23:10:00 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2011/12/20 23:09:57 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2011/12/20 23:09:50 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2011/12/20 23:09:47 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2011/12/20 23:09:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2011/12/20 23:09:46 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2011/12/20 23:09:45 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2011/12/20 23:09:44 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2011/12/20 23:09:31 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2011/12/20 23:09:24 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2011/12/20 23:09:21 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2011/12/20 23:09:17 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2011/12/20 23:09:05 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2011/12/20 23:09:02 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2011/12/20 23:08:31 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2011/12/20 23:08:28 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2011/12/20 23:08:25 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2011/12/20 23:08:12 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2011/12/20 23:07:17 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2011/12/20 23:07:04 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2011/12/20 23:07:03 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2011/12/20 23:07:00 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2011/12/20 23:06:18 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2011/12/20 23:06:15 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2011/12/20 23:06:12 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2011/12/20 23:06:09 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2011/12/20 23:05:50 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2011/12/20 23:05:37 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2011/12/20 23:05:34 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2011/12/20 23:05:29 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2011/12/20 23:05:19 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2011/12/20 23:05:16 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2011/12/20 23:05:09 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2011/12/20 23:05:05 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2011/12/20 23:05:02 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2011/12/20 23:04:59 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2011/12/20 23:04:56 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2011/12/20 23:04:52 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2011/12/20 23:04:43 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2011/12/20 23:04:40 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2011/12/20 23:04:37 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2011/12/20 23:04:34 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2011/12/20 23:04:31 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2011/12/20 23:03:51 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
    [2011/12/20 23:03:18 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2011/12/20 23:02:58 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2011/12/20 23:02:55 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2011/12/20 23:02:54 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2011/12/20 23:02:51 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2011/12/20 23:02:50 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2011/12/20 23:02:47 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2011/12/20 23:02:39 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2011/12/20 23:02:36 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2011/12/20 23:02:33 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2011/12/20 23:02:31 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2011/12/20 23:02:27 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2011/12/20 23:02:24 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2011/12/20 23:01:39 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2011/12/20 23:00:54 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2011/12/20 22:59:18 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2011/12/20 22:59:09 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2011/12/20 22:58:42 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2011/12/20 22:58:40 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2011/12/20 22:58:38 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2011/12/20 22:58:25 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2011/12/20 22:58:14 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2011/12/20 22:58:12 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2011/12/20 22:58:08 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2011/12/20 22:58:06 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2011/12/20 22:58:04 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2011/12/20 22:58:02 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2011/12/20 22:57:48 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2011/12/20 22:57:44 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2011/12/20 22:57:42 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2011/12/20 22:56:19 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2011/12/20 22:56:16 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2011/12/20 22:56:09 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2011/12/20 22:56:07 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2011/12/20 22:56:06 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2011/12/20 22:56:01 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2011/12/20 22:56:00 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2011/12/20 22:55:59 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2011/12/20 22:55:57 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2011/12/20 22:55:56 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2011/12/20 22:55:35 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2011/12/20 22:55:34 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2011/12/20 22:55:30 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2011/12/20 22:55:08 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2011/12/20 22:55:07 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2011/12/20 22:55:06 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2011/12/20 22:55:05 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2011/12/20 22:55:04 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2011/12/20 22:55:02 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2011/12/20 22:55:01 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2011/12/20 22:55:00 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2011/12/20 22:54:52 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2011/12/20 22:54:40 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2011/12/20 22:54:32 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2011/12/20 22:54:27 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2011/12/20 22:54:27 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2011/12/20 22:54:26 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2011/12/20 22:54:25 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2011/12/20 22:54:25 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2011/12/20 22:54:22 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2011/12/20 22:54:22 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2011/12/20 22:54:21 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2011/12/20 22:54:20 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2011/12/20 22:54:18 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2011/12/20 22:54:17 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2011/12/20 22:54:17 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2011/12/20 22:53:54 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2011/12/20 22:53:53 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2011/12/20 22:53:53 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2011/12/20 22:53:52 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2011/12/20 22:53:52 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2011/12/20 22:53:51 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2011/12/20 22:53:50 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2011/12/20 22:53:49 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2011/12/20 22:53:48 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2011/12/20 22:53:47 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2011/12/20 22:53:47 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2011/12/20 22:53:46 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2011/12/20 22:53:45 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2011/12/20 22:53:44 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2011/12/20 22:53:44 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2011/12/20 22:53:43 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2011/12/20 22:53:43 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2011/12/20 22:53:42 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2011/12/20 22:53:31 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2011/12/20 22:53:28 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2011/12/20 22:53:27 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2011/12/20 22:53:26 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2011/12/20 22:53:26 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2011/12/20 22:53:25 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2011/12/20 22:53:25 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2011/12/20 22:53:24 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2011/12/20 22:53:06 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2011/12/20 22:53:01 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2011/12/20 22:52:52 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2011/12/20 22:52:51 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2011/12/20 22:52:50 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2011/12/20 22:52:50 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2011/12/20 22:52:49 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2011/12/20 22:52:47 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2011/12/20 22:52:45 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2011/12/20 22:52:43 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2011/12/20 22:52:43 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2011/12/20 22:52:42 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2011/12/12 20:48:57 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\123abc.com
    [2011/12/10 15:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2011/12/07 23:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/12/07 23:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/12/06 18:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/12/06 18:08:04 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/12/06 18:08:04 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/12/06 18:08:00 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/12/06 18:08:00 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/12/06 18:07:59 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/12/06 18:07:58 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/12/06 18:07:58 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/12/06 18:07:58 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/12/06 18:07:42 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/12/06 18:07:42 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/12/06 18:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/12/06 18:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/12/06 16:46:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/04 08:38:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/04 08:38:02 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-207668334-381256819-3078009527-500.job
    [2012/01/04 08:38:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/04 08:37:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/04 08:37:52 | 2675,494,912 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/04 01:02:12 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-207668334-381256819-3078009527-500UA.job
    [2012/01/04 00:51:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/03 14:06:37 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/01/03 13:38:40 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Palm Registration.lnk
    [2012/01/02 21:02:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-207668334-381256819-3078009527-500Core.job
    [2012/01/01 12:24:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/12/31 22:07:23 | 000,000,273 | ---- | M] () -- C:\WINDOWS\dellstat.ini
    [2011/12/31 11:54:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2011/12/28 13:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/12/26 11:07:34 | 002,378,740 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Christmas2.JPG
    [2011/12/26 07:57:22 | 002,378,383 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Christmas.JPG
    [2011/12/21 08:17:23 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/12/12 18:06:01 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-207668334-381256819-3078009527-500.job
    [2011/12/11 20:20:28 | 000,001,054 | ---- | M] () -- C:\WINDOWS\Cpqdiag.ini
    [2011/12/11 20:19:52 | 000,001,994 | ---- | M] () -- C:\WINDOWS\ACT_CFG.INI
    [2011/12/07 13:22:02 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\123abc.com
    [2011/12/07 06:37:48 | 000,014,740 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hyb623re4fsb5
    [2011/12/07 06:37:48 | 000,014,740 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\hyb623re4fsb5
    [2011/12/06 18:08:05 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/06 18:07:59 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/26 11:07:31 | 002,378,740 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Christmas2.JPG
    [2011/12/26 07:45:29 | 002,378,383 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Christmas.JPG
    [2011/12/21 08:17:23 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/12/20 23:08:19 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2011/12/20 23:08:15 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2011/12/20 23:03:57 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2011/12/20 23:02:20 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2011/12/20 23:01:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2011/12/20 22:59:16 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2011/12/20 22:59:11 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2011/12/20 22:59:06 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2011/12/20 22:59:01 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2011/12/20 22:58:57 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2011/12/20 22:58:44 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2011/12/20 22:56:04 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2011/12/20 22:56:03 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2011/12/20 22:56:02 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2011/12/20 22:53:20 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2011/12/20 22:53:19 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2011/12/20 22:53:19 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2011/12/20 22:53:18 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2011/12/20 22:53:18 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2011/12/20 22:53:17 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2011/12/20 22:53:17 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2011/12/20 22:53:16 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2011/12/20 22:53:15 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2011/12/20 22:53:10 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2011/12/20 20:30:23 | 2675,494,912 | -HS- | C] () -- C:\hiberfil.sys
    [2011/12/07 01:12:47 | 000,014,740 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hyb623re4fsb5
    [2011/12/07 01:12:47 | 000,014,740 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\hyb623re4fsb5
    [2011/12/06 18:08:05 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/01 06:17:06 | 000,013,250 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\i6x1llq4541
    [2011/12/01 06:17:06 | 000,013,250 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i6x1llq4541
    [2011/11/26 10:27:00 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\9Fu7vaQKCGlaGo.lic
    [2011/11/26 09:19:08 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~9Fu7vaQKCGlaGo
    [2011/11/26 09:19:08 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~9Fu7vaQKCGlaGor
    [2011/11/26 09:19:03 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\9Fu7vaQKCGlaGo
    [2011/10/29 18:46:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2011/10/23 10:47:02 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2011/10/21 08:49:36 | 000,000,273 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2011/10/21 08:49:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
    [2011/10/21 08:48:57 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
    [2011/06/26 20:52:23 | 000,091,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/02/18 13:06:32 | 000,016,162 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\m8vi0xb7s6a7oayasu67dcm6rw3l2ey1ta275
    [2011/02/18 13:06:32 | 000,016,162 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\m8vi0xb7s6a7oayasu67dcm6rw3l2ey1ta275
    [2010/07/11 19:51:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/04/09 17:36:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
    [2009/12/14 17:22:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2009/06/26 06:49:05 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
    [2009/06/13 15:48:22 | 000,000,173 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/02/01 16:56:41 | 000,002,926 | ---- | C] () -- C:\WINDOWS\Dext522b.ini
    [2009/01/27 07:47:32 | 000,183,808 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/29 19:23:15 | 000,001,994 | ---- | C] () -- C:\WINDOWS\ACT_CFG.INI
    [2008/10/29 19:23:09 | 000,019,845 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cpqdfw.sys
    [2008/10/29 19:23:09 | 000,001,054 | ---- | C] () -- C:\WINDOWS\Cpqdiag.ini
    [2008/10/28 03:21:05 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/10/28 03:20:41 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/10/28 03:20:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/10/28 03:20:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/10/28 03:18:55 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2008/10/28 01:38:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/10/28 01:34:51 | 000,001,057 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2008/10/28 01:33:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/10/28 01:33:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/10/28 01:33:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/10/28 01:33:34 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/10/28 01:33:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/10/28 01:33:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/10/28 01:32:59 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
    [2008/10/28 01:32:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2007/09/27 14:48:10 | 000,014,100 | ---- | C] () -- C:\WINDOWS\twspmm.ini
    [2004/08/10 12:53:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/09 15:44:34 | 000,441,890 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/09 15:44:34 | 000,071,700 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/09 15:40:44 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/09 15:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/09 15:28:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2001/10/12 09:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
    [2001/10/12 09:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
    [2001/08/17 15:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/17 15:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/17 15:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/07/21 16:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/07/21 16:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2000/12/07 09:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini

    ========== LOP Check ==========

    [2010/03/09 08:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG9
    [2010/09/01 09:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CVS
    [2011/09/10 18:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Elluminate
    [2011/08/22 05:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HotSync
    [2009/02/26 00:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
    [2011/08/22 06:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
    [2011/01/11 09:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
    [2009/11/14 13:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
    [2011/12/06 18:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2010/04/15 06:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/11/07 21:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\b
    [2010/06/23 13:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
    [2011/08/22 05:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
    [2011/08/22 05:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2011/02/18 14:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/12/25 11:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
    [2011/02/18 14:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2011/12/31 11:54:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/10/28 07:46:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/10/28 07:46:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/10/28 07:46:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/10/28 07:46:00 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
    [2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 02:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 02:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 02:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < End of report >





    OTL extra log:

    OTL Extras logfile created on: 1/4/2012 8:40:43 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = E:\diagnostics
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.49 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 67.12% Memory free
    3.08 Gb Paging File | 2.40 Gb Available in Paging File | 77.76% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 182.48 Gb Free Space | 78.36% Space Free | Partition Type: NTFS
    Drive D: | 6.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 245.27 Mb Total Space | 231.28 Mb Free Space | 94.29% Space Free | Partition Type: FAT

    Computer Name: KEATING-DESKTOP | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htafile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]




    MBRcheck log:




    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 131):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EF000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF798B000 dmload.sys
    0xF74B2000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF749A000 atapi.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF747A000 fltmgr.sys
    0xF7468000 sr.sys
    0xF7647000 Lbd.sys
    0xF7657000 PxHelp20.sys
    0xF7451000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7424000 NDIS.sys
    0xF740A000 Mup.sys
    0xB9C8A000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xB9C76000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF778F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9C52000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7797000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9C28000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xF7507000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF779F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF77A7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB9C14000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF74F7000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7943000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF77AF000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA78C000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF77B7000 \SystemRoot\system32\drivers\Afc.sys
    0xBA77C000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA76C000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9BF1000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB9BD4000 \SystemRoot\System32\Drivers\pwd_2k.SYS
    0xB9B46000 \SystemRoot\system32\drivers\smwdm.sys
    0xB9B22000 \SystemRoot\system32\drivers\portcls.sys
    0xBA75C000 \SystemRoot\system32\drivers\drmk.sys
    0xB9B0A000 \SystemRoot\system32\drivers\aeaudio.sys
    0xBA74C000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA7A2000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA73C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7947000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9AF3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA72C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA71C000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB9AE2000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA70C000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77C7000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77CF000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB9A12000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA6FC000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79B5000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB99B4000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA7E8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF77D7000 \SystemRoot\System32\Drivers\dvd_2K.SYS
    0xF7677000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF76A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79DF000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF77EF000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xB9DD0000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xB9DCF000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xF79A5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB9DCE000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79A7000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7757000 \SystemRoot\System32\drivers\vga.sys
    0xF79A9000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79AB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB17FB000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
    0xB17C5000 \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS
    0xF775F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7767000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB177E000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
    0xB187F000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB1759000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB1700000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF7577000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xB16B0000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF776F000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xF7567000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB168E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF7777000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xB1663000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB15F3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7547000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7537000 \SystemRoot\System32\Drivers\ClntMgmt.sys
    0xB14F7000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xB1462000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0xB18C3000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xBA7B8000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xB18BB000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB1429000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xB1411000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79B9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA422000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB18AB000 \SystemRoot\System32\watchdog.sys
    0xB15E3000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7AB0000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF042000 \SystemRoot\System32\ialmdev5.DLL
    0xBF077000 \SystemRoot\System32\ialmdd5.DLL
    0xBF159000 \SystemRoot\System32\ATMFD.DLL
    0xBA42A000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xAEB24000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAD9D4000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xAD687000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xAD64A000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAD96C000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF77DF000 \??\C:\WINDOWS\system32\drivers\cpqdfw.sys
    0xAD67F000 \??\C:\WINDOWS\system32\drivers\cqcpu.sys
    0xF79C7000 \??\C:\WINDOWS\system32\drivers\cq_mem.sys
    0xAD29B000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB1883000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xACA57000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xACF33000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 56):
    0 System Idle Process
    4 System
    500 C:\WINDOWS\system32\smss.exe
    656 csrss.exe
    764 C:\WINDOWS\system32\winlogon.exe
    808 C:\WINDOWS\system32\services.exe
    820 C:\WINDOWS\system32\lsass.exe
    980 C:\WINDOWS\system32\svchost.exe
    1056 svchost.exe
    1088 C:\WINDOWS\system32\svchost.exe
    1172 svchost.exe
    1496 C:\WINDOWS\explorer.exe
    1576 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    1912 C:\WINDOWS\system32\LEXBCES.EXE
    1940 C:\WINDOWS\system32\spoolsv.exe
    1952 C:\WINDOWS\system32\LEXPPS.EXE
    192 svchost.exe
    272 C:\Program Files\Google\Update\GoogleUpdate.exe
    576 C:\Program Files\SUPERAntiSpyware\SASCore.exe
    592 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    640 C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    676 C:\Program Files\Compaq\Compaq Management Agents\Cpqalert.exe
    700 C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\Webdmi.exe
    1180 C:\Program Files\Java\jre6\bin\jqs.exe
    1400 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    1440 svchost.exe
    1668 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    1256 C:\WINDOWS\system32\svchost.exe
    2072 C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
    2092 C:\WINDOWS\system32\MsPMSPSv.exe
    2156 C:\PROGRA~1\Compaq\COMPAQ~1\Cpqdmi.exe
    2676 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    2684 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    2712 C:\WINDOWS\system32\igfxtray.exe
    2720 C:\WINDOWS\system32\hkcmd.exe
    2728 C:\WINDOWS\system32\igfxpers.exe
    2736 C:\PROGRA~1\Compaq\COMPAQ~1\Chkadmin.exe
    2748 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    2812 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2864 C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    2896 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    2916 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    2936 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2992 C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    3028 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    3044 C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    3068 C:\Program Files\Messenger\msmsgs.exe
    3076 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3096 C:\WINDOWS\system32\ctfmon.exe
    3124 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    3236 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    3376 C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    3520 C:\Program Files\USB 2.0 WebCam Device\Monitor.exe
    3552 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    3608 C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    608 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGSP2514N, Rev: VF100-41

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!

  10. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Re-Run MBRCheck.exe
    • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Please push the 'Y' key and then press Enter
    • When the program asks you Enter your choice: enter
      [1] Dump the MBR of a physical disk to file.
      and press the Enter key
    • Next it will say Enter the physical disk number to dump <0-99, -1 to exit>
    • Type 0 and press Enter
    • The program will ask for the file name to dump to, type dump.dat and Press Enter. You should see Dumped successfully.
    • Next, type -1 and press Enter. Next press Enter again, and the program will exit.
    • Save it to your desktop then attach the resultant output in your next reply.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-
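
An added example, not part of the original post and not MBRCheck's own code: a Python script for inspecting the dump.dat written by option [1] offline. It checks the 55 AA boot signature, lists the partition entries so the start of the NTFS volume can be compared with the 0x7e00 offset shown in the MBRCheck log, and hashes the sector. The thread does not say which bytes MBRCheck hashes, so both digests here are for case notes only; the sample sector is constructed.

```python
import hashlib
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446      # four 16-byte partition entries start here
BOOT_CODE_LEN = 440     # boot code area, before the disk signature


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR sector such as a dump.dat file."""
    if len(sector) < SECTOR:
        raise ValueError(f"expected at least {SECTOR} bytes, got {len(sector)}")
    sector = sector[:SECTOR]
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4 LE) sectors(4 LE)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:      # unused slot
            continue
        partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                           "start_lba": lba, "sectors": count,
                           "byte_offset": lba * SECTOR})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "sha1_sector": hashlib.sha1(sector).hexdigest().upper(),
        "sha1_boot_code": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def make_sample_sector() -> bytes:
    """Constructed sample: empty boot code, one active NTFS (0x07) entry at LBA 63."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 488_392_002)
    return bytes(TABLE_OFFSET) + entry + bytes(16 * 3) + b"\x55\xaa"


if __name__ == "__main__":
    # Pass the path to dump.dat; without arguments the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample_sector()
    info = parse_mbr(data)
    print("boot signature 55AA:", info["signature_ok"])
    print("SHA1 (whole sector):", info["sha1_sector"])
    print("SHA1 (boot code)   :", info["sha1_boot_code"])
    for p in info["partitions"]:
        print(f"slot {p['slot']}: type 0x{p['type']:02X} active={p['active']} "
              f"starts at byte offset 0x{p['byte_offset']:x}")
```

A partition table that looks normal does not clear the disk: the "MBR Code Faked!" status concerns the boot code, so the dump should still go to the helper as requested.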



